Is using FileVault encryption in macOS good enough?

“There are many ways to use encryption on your Mac,” Jay Vrijenhoek writes for Intego. “Before you encrypt your Mac, it is vital to know which encryption type is best for you and to be aware of its strengths and weaknesses. This will help you decide whether you should use FileVault or some other third-party encryption software to protect your Mac.”

“One of the most common encryption ciphers used in the world and the one macOS relies on the most — whether it’s FileVault, creating an encrypted disk image, or password protecting an iWork document — is Advanced Encryption Standard (AES),” Vrijenhoek writes. “AES is a solid cipher and can be used with 128-bit or 256-bit keys. They are both very good, and if a strong password is used the likelihood of it being cracked is very slim.”

“On everything macOS uses AES encryption, it defaults to 128-bit,” Vrijenhoek writes. “So you may be asking, why is 256-bit an option in Disk Utility? Most likely it’s there because government requires 256-bit AES encryption for ‘TOP SECRET’ files, and if the government requires it, others may as well, so Apple gives them the option to avoid complaints. For everyone else, 128-bit is more than enough to secure data… Any Mac since 2010 should be able to handle FileVault just fine without impacting performance. It’s built-in, it’s free and an excellent way to protect your data—using FileVault encryption is strongly recommended!”

Read more in the full article here.

MacDailyNews Take: 128-bit ought to be enough for anybody. 😉



    1. No.

      Use a password manager like 1Password. Keep archives of its database. Print out and store master passwords in a safe place. Provide instructions for access to those master passwords in your will (or that they be destroyed).

  1. Off topic iKnow, BUT, it is late and I’m feeling good. Apple is still quality regardless of ALL naysayers. I just chuckle and cry as to HOW? this unethical, corrupt, foreign, hack company gained such presence in America. Much reflection over the past 25+ years needs to be pondered. HEY! Asia! Get a clue. Get some class. Stop your thieving corrupt ways. The lack of ethics in Asia is deplorable.

    Samsung was not always a sleek paragon of high tech and cutting-edge design. In fact, its products were so poorly made that the company was at one time dubbed “Samsuck” in the English-speaking world and among expats living in Korea.

    Samsung was founded in March 1938 by Lee Byung-chul in the port town of Taegu, Korea. As the company web site boasts: “Initially, his business focused primarily on trade export, selling dried Korean fish, vegetables, and fruit to Manchuria and Beijing.”

    So how did a food trading company get involved in electronics? Brute force, basically. The long-reigning South Korean President Park Jung-hee (term: 1961-1979; father of current president Park Geun-hye), secured international loans in the 1960s and 1970s to help turn Samsung into a major manufacturing concern. Until the 1980s (before it started becoming known for its microchip-manufacturing prowess), Samsung was known as a maker of cheap household items – electric fans, microwaves – that didn’t work well to begin with and broke quickly. As Korean business professor Chang Sae-jin wrote in his book “Sony vs. Samsung,” the Samsung-made electric fan “was so poorly designed and manufactured that even lifting it up with one hand broke its neck.”

    ScamScum is the antithesis of “quality” …. more like Shite .!..

  2. Saying AES is like saying curry. There are literally thousands of possible ways the encryption methodology can be implemented. There are at least four major modes and thousands of possible secure hashes as well as multiple key lengths.

    The U.S. Government has approved one (just one of which I am aware) variant of AES-256 (one specific mode and NOT with SHA-1) for TS.

    It was shown *well* over a year ago that one mode with SHA-1 and 128 bit can be broken in a few hours (less if you throw a big machine at it). Thus the U.S. Government required that everyone move to a specific variant with 256 bit. SHA-1 was dropped from all approval lists.

    I haven’t dug into the specific mode and hash that FileVault uses, but if you turn on 256 bit, you’ll be fine against everyone but State Actors.
