Contents
- 1 What kind of encryption key does FileVault use?
- 2 Do you need a password to use FileVault?
- 3 How to use FileVault 2 on a Mac?
- 4 What to do if you forget your recovery key for FileVault?
- 5 Can you use FileVault on OS X Mavericks?
- 6 What do you need to know about FileVault on Mac?
- 7 Do you have to be unlocked to use FileVault 2?
- 8 Can a Master recovery key be created with FileVault 2?
- 9 How does FileVault 2 affect I / O performance?
What kind of encryption key does FileVault use?
FileVault full-disk encryption (FileVault 2) uses XTS-AES-128 encryption with a 256-bit key to help prevent unauthorized access to the information on your startup disk.
Do you need a password to use FileVault?
FileVault requires that you log in every time your Mac starts up, and no account is permitted to log in automatically. If you forget your account password or it doesn’t work, you might be able to reset your password. If you want to change the recovery key used to encrypt your startup disk, turn off FileVault in Security & Privacy preferences.
How to use FileVault 2 on a Mac?
FileVault 2 is available in OS X Lion or later . When FileVault is turned on, your Mac always requires that you log in with your account password. Choose Apple menu () > System Preferences, then click Security & Privacy. Click the FileVault tab. Click , then enter an administrator name and password.
How can I change the recovery key for FileVault?
If you want to change the recovery key used to encrypt your startup disk, turn off FileVault in Security & Privacy preferences. You can then turn it on again to generate a new key and disable all older keys.
Can You reinstall OS X on a FileVault 2?
In my mental model of FileVault 2, a tiny decryption program stored on the hard drive is loaded during the boot process. This program asks the user for the key and uses it to begin decrypting the drive and start the OS. If you were to reinstall the OS, it would overwrite the decryption program and boot normally.
What to do if you forget your recovery key for FileVault?
Reset your password or change your FileVault recovery key. If you forget your account password or it doesn’t work, you might be able to reset your password. If you want to change the recovery key used to encrypt your startup disk, turn off FileVault in Security & Privacy preferences.
Can you use FileVault on OS X Mavericks?
If you set up your Mac for a language that AppleCare doesn’t support, then turn on FileVault and store your key with Apple (OS X Mavericks only), your security questions and answers could be in a language that AppleCare doesn’t support.
FileVault uses an encryption method known as “XTS-AES-128 encryption with a 256-bit key” to encode the information on a disk. That method is quite secure; a Wikipedia search showed that “Breaking a symmetric 256-bit key by brute force requires 2 128 times more computational power than a 128-bit key.
What do you need to know about FileVault on Mac?
Any user accounts added after FileVault is enabled are automatically set up to use FileVault. Next, you need to decide how you want to be able to unlock your disk and reset your password if you ever forget that password. For Mac OS X 10.10 “Yosemite” and later, you can choose to use your iCloud account to unlock the disk and reset your password.
How do I change the recovery key for FileVault?
After FileVault has finished encrypting the startup disk and you restart the Mac, entering your account user ID and password unlocks the disk and lets the Mac finish startup. To change the recovery key that’s used to encrypt the startup disk, turn off FileVault in Security & Privacy preferences. Turn it on again, and a new key is generated.
Is there a FileVault recovery key for OS X Mavericks?
For Mac OS X 10.10 “Yosemite” and later, you can choose to use your iCloud account to unlock the disk and reset your password. For Mac OS X 10.9 “Mavericks” only, you can choose to store a FileVault recovery key with Apple.
Do you have to be unlocked to use FileVault 2?
Disks encrypted with FileVault 2 must first be unlocked by user accounts that are “unlocked enabled”; these are typically accounts with administrative privilege, preventing non-admin accounts from accessing the disk’s contents, regardless of the ACL permissions configured.
Can a Master recovery key be created with FileVault 2?
Once FileVault 2 is enabled, only the user with administrative privileges that enabled FileVault 2 with their account may decrypt the drive’s contents. Additionally, a master recovery key is created during the initial process; users with either of those keys may be the only ones to decrypt the volume and read the contents of the drive. HFS+ v.
How does FileVault 2 affect I / O performance?
Enabling FileVault 2 can have a negative impact on I/O performance of approximately 20-30% of modern CPUs, and it noticeably worsens performance on older processor hardware. If the passphrase or recovery key must be changed, the entire volume will need to be decrypted and have the encryption process run again with the new key.