Apple’s FileVault disk encryption can be circumvented in less than an hour, according to a computer forensics firm, reports “The Register” (http://macte.ch/pGMcM). Technology from Passware can purportedly capture the content of a Mac machine’s memory, via Firewire interfaces, before extracting encryption keys.
Passware claims the latest version of its toolkit (Passware Kit Forensic 11.3) can recover hashed passwords with rainbow tables and extracting passwords from encrypted Mac keychain files as well as building a password list for its dictionary attack (based on the words detected in a computer memory). It can also reportedly unlock volumes encrypted using TrueCrypt, a disk encryption software that ranks alongside PGP as the choice of privacy-conscious computer users, human rights activists and others, according to “The Register.”
Mac OS X 10.7.x (“Lion”) includes a new version (2) of FileVault, which allows you to encrypt the information in your home folder. The app creates a separate volume for your home folder and encrypts the contents of it. The data in your home folder is encoded and your information is secure if your computer is lost or stolen.
FileVault also encrypts your external drives, including USB and FireWire drives. And I’m assuming Thunderbolt drives, though this book was written before I had a Thunderbolt drive to test. It also lets you wipe all the data from your Mac instantaneously with its “instant wipe” feature.