Encrypt Home Folder in Lion

Started by deanras, December 29, 2011, 03:43:10 PM

Previous topic - Next topic

deanras

I know one advantage for Espionage is to selectively encrypt folders, but can I encrypt the entire Home Folder in Lion since Filevault 2 no longer has this option?

I'm assuming that it'll just ask me for one password at startup?

Or if I encrypt just the Library folder, will this cause any startup problems?

Thanks

ryan

#1
@deanras

I've got the same question. It's nice that OS X 10.7 has full disk encryption, but the fact that ANY user account now has access to the encryption keys for ALL of the data on the system seems like a giant step BACKWARD in terms of security. Additionally, decrypting the key with the user's login password, without an option for a separate encryption password is also quite annoying.

I'm trying to decide on Espionage, TrueCrypt, or another solution.

zsolt

#2
Dear Fellows,
Thanks for your interest in the product, and sorry for delayed answer.
To encrypt the home folder with Espionage is not possible, because the LauchAgent which is controlling the folder access is a user process, which is started after the user initiates the login. So the encrypted folders would be properly handled only after the Agent is started. Considering that the logon process needs the user data right away, the whole thing would fail.

However, encrypting the whole user folder, is rarely necessary, do you realy want to encrypt your preferences files for example?
You can simply encrypt say your Documents folder where you supposedly keep the sensitive data.
You can also encrypt your Emails, Addresses, Evernote Files etc, using application templates.

I hope this helps.
Rgds
Zsolt
Follow @espionageapp on twitter for news! | For general Mac support, please visit Mac Me Support

ryan

#3
Yes, I think I would prefer that preferences are encrypted, because you never really know what sensitive information will leak out of your personal files, into your preferences. For example, website that you visit - or servers that you have on the internet in various places.
A solution that is able to encrypt the ENTIRE home folder (like the original FileVault) would be the ideal solution.

The idea that FileVault is no only as strong as the WEAKEST password on a system in shocking to me - can't see how anyone at Apple thought that was good security.

I understand that there are certain things that you may NOT want to encrypt, for example, movie files or other large media files. But I would think it makes more sense to start with a default ENCRYPT rule, and set up exclusions - sort of like a default DENY rule in a firewall. Only start decrypting things in your home folder that you are 100% certain that you want decrypted - something that primarily makes sense for performance reasons.

zsolt

#4
Hi Ryan, thanks for your thoughts, surely you are allowed to have your own point of view, I'm fine with that.
Unfortunately I cannot add anything to my last post.
I hope you will find a good solution which suites you.
Rgds
Zsolt
Follow @espionageapp on twitter for news! | For general Mac support, please visit Mac Me Support