You Can Steal My Laptop But You Can't Steal My Data - FDE for OS X

posted onMarch 2, 2009
by hitbsecnews

By: L33tdawg

"Moron leaves laptop in strip club - 400 gazillion records lost" - "Travellers warned that laptops may be seized and examined at random" - Seems like not a day goes by when you either read about someone losing a laptop that had some super-top-secret-information-that-shouldn't-have-been-on-there-in-the-first-place or you hear about how the government has increasing powers to basically do whatever they want to you when crossing International borders including examining the contents on your laptop or seizing it indefinitely.

For me it's more a worry of having my laptop stolen than being stopped at some random airport and having my laptop seized for 'examination'. It's with that in mind that I went about looking for a proper disk encryption solution for OS X - don't get me wrong, the built in File Vault encryption in OS X is certainly fine for creating encrypted file containers (say to store your documents or financial information) or to encrypt your Home directory, it however doesn't support encrypting your ENTIRE hard drive. In short, its just not good and a less than ideal solution; besides, I've heard numerous horror stories about File Vaults gone wild and users ending up losing their entire Home Directory - basically everything important.

Up until recently though, there hasn't been a Full Disk Encryption solution for OS X - The guys from the free and open source TruCrypt project have been promising to have FDE coming for OS X 'soonish' (they've had this capability for Windows for a couple of versions already). The only available solutions for Mac users at the moment are both commercial - the first, Checkpoint's FDE for OS X and the second, PGP's FDE for OS X. I took a brief look at the installation documentation for the Checkpoint product however it seemed to cater more towards the enterprise market with its need for a central key server to store and manage keys should a user forget his/her pass. In short, it was just overkill for my needs.

PGP's offering on the other hand seemed to do precisely what I needed and then some - basically Full DIsk Encryption with on-boot passphrase protection in addition to providing PGP Mail and Document encrypting functionalities as well. At USD169, the price point is also not too much to swallow; at least for the average business user - I doubt most home users would have a need for FDE - (FileVault and a combination of encrypted DMGs should suffice to keep your porn collection 'safe').

Installation and Setup

Getting PGP FDE installed is not as difficult as one might imagine - You basically grab the installation packages from the PGP website, fill-in the purchase order forms and wait for your activation key to be sent to you. I did the installation on a Santa Rosa Macbook Pro 15.4" 2.4Ghz with 4GB of RAM - the machine has the stock standard 160GB 5400 RPM hard drive that shipped with it.


Fig 1: The main installation package


Fig 2: Welcome to PGP Installer

One of the first things you’ll need to do is to create your own PGP key – prior to installing PGP FDE, I was using GPG (GnuPG) together with Enigmail for Thunderbird. As such, I didn’t really need the PGP Mail functionality nor the drag and drop file encryption. That being said, I saw no way to import my GPG key into the installer in order to not have to create a new key.


Fig 3: Keyring Selection


Fig 4: Key Creation Summary

All I wanted from PGP was really an truly just the Full Disk Encryption portion of things, so submitting the key is I guess not really mandatory and you can choose to skip the key submission step (Fig 5)


Fig 5: Key Submission


Fig 6: The main PGP Desktop window


Fig 7: The main PGP Desktop window showing the PGP Disk option


Fig 8: Once you’ve selected the drive you want to encrypt and chosen your options (I left mine as default), the encryption process will begin and you can resume working while PGP does its thing in the background (Fig 9).


Fig 9


Fig 10: Drive encryption in progress. The time remaining count was pretty accurate and in the end the entire encryption process of my 160GB drive took just under 6 hours.


Figure 11: All done.

Performance and Real World Use

Although you don’t need to reboot after the encryption process is completed, I chose to do so anyway – the first thing you’ll be greeted with after the boot up chime is the PGP window asking you for the master password.

Once the system has booted up (this took marginally longer than usual – an increase of about 30 to 45 seconds) you’ll notice pretty much NOTHING that tells you the system has been encrypted. The machine performs exactly the same way and on my MBP, the responsiveness felt exactly the same as it did before. There was definitely not any noticeable slowdown either in launching applications or searching for documents or performing other disk intensive tasks.

One thing I did notice is that my system RAM started getting used up a lot quicker than it used to. Prior to FDE, post boot up, I’d have about 3GB of RAM free. This has now dropped to about 2GB. The other issue you’ll notice is with regards to page ins / page outs and swap used – they’re going to really grow quite large. Over the past 3 months, I’ve seen times when page ins/page outs has hit over 1.5 million and the swap has grown to 3GB. On average however (I reboot my machine perhaps once a week at most), the swap stays around the 2GB mark with page ins / page outs hovering between a 100,000 and 300,000.

In terms of actual performance numbers – a quick run through with XBench shows an overall Disk rating of 23.24 – this is more or less comparable to the performance numbers we saw from the 2.0GHz Black Macbook with 2GB of RAM and 120GB HDD we tested against when we did the Santa Rosa review. The MBP scored 39.35 in the original test and it only had 2GB of RAM at the time. As such, the current score of 23.24 WITH 4GB of RAM would be considered quite a large drop if you’re looking at only the numbers. For me though; a system that FEELS fast is definitely more important than one that scores high on benchmarks. ;)

Should you get it?

This depends entirely on what value you put on the security and privacy of information on your laptop. I personally feel USD169 is not really a lot to pay for the peace of mind that having a fully encrypted drive gives me.

References

PGP
http://www.pgp.com/products/wholediskencryption/

Enigmail
http://enigmail.mozdev.org/

GnuPG
http://www.gnupg.org/

TruCrypt
http://www.truecrypt.org/

HITB: Review of the new Santa Rosa Macbook Pro
http://hackinthebox.org/modules.php?op=modload&name=News&file=article&sid=23547

Source

Tags

Articles

You May Also Like

Other Articles In This Section

Recent News

Tuesday, November 19th

CISA Director Jen Easterly, in Place Since 2021, to Step Down
Korea extradites Russian, Vietnamese suspects linked to $16M ransomware scheme
WhatsApp: NSO Group Operates Pegasus Spyware for Customers

Friday, November 8th

North Korean hackers target cryptocurrency with malware
Man sick of crashes sues Intel for allegedly hiding CPU defects
Law enforcement operation takes down 22,000 malicious IP addresses worldwide

Friday, November 1st

Youth of today say passwords are old news, passkeys are the future
Chinese attackers accessed Canadian government networks – for five years
OpenAI launches ChatGPT with Search, taking Google head-on
Here’s the paper no one read before declaring the demise of modern cryptography
Not just ChatGPT anymore: Perplexity and Anthropic’s Claude get desktop apps

Tuesday, July 9th

China's APT40 gang is ready to attack vulns within hours or days of public release
AI-Powered Super Soldiers Are More Than Just a Pipe Dream
The president ordered a board to probe a massive Russian cyberattack. It never did.
Massive car dealer ransom attack is mostly over after 2 weeks of work-arounds

Wednesday, July 3rd

“RegreSSHion” vulnerability in OpenSSH gives attackers root on Linux
Two of the German military’s new spy satellites appear to have failed in orbit

Friday, June 28th

Indonesian Airports, Data Centres Hit By Worst Cyberattack in Years
Cisco Talos warns of wider security implications following Snowflake breach

Thursday, June 27th

I Wore Meta Ray-Bans in Montreal to Test Their AI Translation Skills. It Did Not Go Well
Researchers upend AI status quo by eliminating matrix multiplication in LLMs
YouTube tries convincing record labels to license music for AI song generator
Critical MOVEit vulnerability puts huge swaths of the Internet at severe risk
Julian Assange to plead guilty but is going home after long extradition fight

Thursday, June 13th

Hackers show off jailbroken checkm8-vulnerable iPad and Apple TV running iPadOS 18 & tvOS 18 respectively
One of the major sellers of detailed driver behavioral data is shutting down
Turkish student creates custom AI device for cheating university exam, gets arrested

Wednesday, June 12th

Chinese-Made Biometric Access System Has 24 Vulnerabilities
Apple and OpenAI currently have the most misunderstood partnership in tech
Adobe to update vague AI terms after users threaten to cancel subscriptions
China state hackers infected 20,000 Fortinet VPNs

Tuesday, June 11th

Russia Is Targeting Germany With Fake Information as Europe Votes
Apple announces macOS 15 Sequoia with window tiling, iPhone mirroring, and more
Apple integrates ChatGPT into Siri, iOS, and macOS
British police to scan 480,000 Formula 1 fans’ faces at Silverstone