"Tight" security question with Espionage in "all Mac OS" mode

Started by Jezza, November 18, 2011, 09:31:55 PM


Jezza

I am just trialling Espionage and so far, it looks promising.

But I have the following questions / required clarifications after having looked up a few forum posts. Basically my aim is that specific data on my hard drive (and then copied onto a backup location - external HDD or offline/cloud storage) is inaccessible to anybody other than me.

If I understand correctly, encrypted folders use the standard/native Mac OS encryption with sparse images/bundles "wrapped in a clever way" that allows Espionage to do its magic such as application data locking, auto-unlock, white-listing, etc.

1- I read on the forum that this means data on the hard drive is always encrypted (it only gets mounted as a volume and decrypted on the fly and stored in RAM when unlocked - but the actual HDD data is unlocked). Is this correct?

2- Does that mean that if I have many large encrypted folders - all unlocked, this will greatly increase RAM usage (to hold all this decrypted data)?

3- I understand that there are lots of requests for timed or screensaver/sleep-triggered auto-locks (many messages from 2010 in forum) but this does not seem to have been implemented (yet?) as I could not see any mention of it in the app or help file. I understand the complexities of it (if a document from an encrypted folder is open, etc.) and the usual answer seems to be "to enable the sleep/screensaver password in the Security System Preferences" (which I already do). I completely understand the rationale behind this: if a thief resets my user password to be able to login (will need to log off/restart) or access the HDD from another machine, they won't be able to access my RAM, which is where the decrypted information resides.
However my question is with regards to the sleepimage file, which - as I understand - contains a dump of the RAM to disk. Does this mean that the Espionage-protected data (all unlocked folders) will implicitly be dumped in its RAM-DEcrypted state to disk as part of the overall RAM dump/copy?

4- If the above is true. Is it sufficient to set the Security System Preference "Use Secure Virtual Memory" to true to be protected (i.e. the unlocked Espionage folders will be dumped in their decrypted state as part of the overall RAM, which is in turn fully encrypted somehow by Mac OS)?

5- In terms of backup, there should not be any of the problems above: if I keep to the recommendation of either using the built-in backups or ensure that the folders are locked when running the backup, only the encrypted data should be copied?

Thanks in advance (and sorry for the long message!)

Jezza

greg

Quote from: "Jezza"
I am just trialling Espionage and so far, it looks promising.

But I have the following questions / required clarifications after having looked up a few forum posts. Basically my aim is that specific data on my hard drive (and then copied onto a backup location - external HDD or offline/cloud storage) is inaccessible to anybody other than me.

If I understand correctly, encrypted folders use the standard/native Mac OS encryption with sparse images/bundles "wrapped in a clever way" that allows Espionage to do its magic such as application data locking, auto-unlock, white-listing, etc.

1- I read on the forum that this means data on the hard drive is always encrypted (it only gets mounted as a volume and decrypted on the fly and stored in RAM when unlocked - but the actual HDD data is unlocked). Is this correct?

Pretty much (with the clarification that has to do with your next question).

Quote
2- Does that mean that if I have many large encrypted folders - all unlocked, this will greatly increase RAM usage (to hold all this decrypted data)?

Nope! Only the portions of the data that need to be immediately used are kept in RAM. You can think of the hard disk as a safety vault full of delicious food. Outside of the vault is a table that we'll call RAM where the food is served and eaten. Someone outside of the vault seated at the RAM table asks for a slice of pizza, so the security guard goes into the vault where a bunch of crap is stored, he picks up a pile of dung and as he walks out of the vault with it it's magically transformed into a slice of pizza via mathematical voodoo. He places the pizza slice onto the RAM table where it's consumed by our guest who, in turn, when finished with the pizza, goes to the bathroom and... well hopefully you get the rest. ;)

Quote
3- I understand that there are lots of requests for timed or screensaver/sleep-triggered auto-locks (many messages from 2010 in forum) but this does not seem to have been implemented (yet?) as I could not see any mention of it in the app or help file. I understand the complexities of it (if a document from an encrypted folder is open, etc.) and the usual answer seems to be "to enable the sleep/screensaver password in the Security System Preferences" (which I already do). I completely understand the rationale behind this: if a thief resets my user password to be able to login (will need to log off/restart) or access the HDD from another machine, they won't be able to access my RAM, which is where the decrypted information resides.
However my question is with regards to the sleepimage file, which - as I understand - contains a dump of the RAM to disk. Does this mean that the Espionage-protected data (all unlocked folders) will implicitly be dumped in its RAM-DEcrypted state to disk as part of the overall RAM dump/copy?

4- If the above is true. Is it sufficient to set the Security System Preference "Use Secure Virtual Memory" to true to be protected (i.e. the unlocked Espionage folders will be dumped in their decrypted state as part of the overall RAM, which is in turn fully encrypted somehow by Mac OS)?

Correct, make sure that's checked. I believe (but am not 100% sure) that this is the default on 10.7 and later.

Quote
5- In terms of backup, there should not be any of the problems above: if I keep to the recommendation of either using the built-in backups or ensure that the folders are locked when running the backup, only the encrypted data should be copied?

You can go ahead and run backups even while the folders are unlocked as per the reasoning above (so long as the backup program does not backup the decrypted data by traversing the symbolic link/alias). The reason we recommend running third-party backups while the folder is the same locked state as during the previous backup is to optimize the efficiency of the backup because the hidden disk image is moved each time the folder is locked or unlocked (see here for details).

Note that the answers to these questions will likely be quite different in the next major release of Espionage.
Follow @espionageapp@twitter.com or @espionage@mstdn.io for news and updates!
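The answer above leans on two macOS settings: "Use Secure Virtual Memory" (which the answer, like Apple's description of the checkbox, treats as covering both swap and the sleepimage) and whether the machine writes a sleepimage at all. The following audit script is an added example for this thread, not Espionage's code and not from the forum: it reads `sysctl vm.swapusage` (which appends "(encrypted)" when secure VM is on) and `pmset -g` (whose `hibernatemode` is 0 for RAM-only sleep, 3 for safe sleep with a sleepimage, 25 for hibernate-to-disk), and classifies the exposure. The sample outputs at the bottom are constructed so it runs off a Mac too; the assumption that secure VM covers the sleepimage is the thread's, not something the script can verify.

```shell
#!/bin/sh
# Added audit helper (not from the thread or from Espionage).
# Inputs are the raw text of `sysctl vm.swapusage` and `pmset -g`.

# Return 0 when the vm.swapusage line reports encrypted swap (Secure VM on).
swap_encrypted() {
    case "$1" in
        *'(encrypted)'*) return 0 ;;
        *)               return 1 ;;
    esac
}

# Print the hibernatemode value found in `pmset -g` output, or "unknown".
hibernate_mode() {
    mode=$(printf '%s\n' "$1" | awk '$1 == "hibernatemode" { print $2; exit }')
    printf '%s\n' "${mode:-unknown}"
}

# Classify what can reach disk in plaintext while folders are unlocked:
#   protected     - swap (and, per the thread's assumption, sleepimage) encrypted
#   swap-exposed  - Secure VM off, but hibernatemode 0 so no sleepimage is written
#   fully-exposed - Secure VM off and a sleepimage is written on sleep
classify() {
    if swap_encrypted "$1"; then
        echo protected
        return 0
    fi
    mode=$(hibernate_mode "$2")
    if [ "$mode" = 0 ]; then
        echo swap-exposed
    else
        echo fully-exposed
    fi
}

# Constructed sample output, used when pmset is not available (non-macOS).
SAMPLE_SWAP='vm.swapusage: total = 2048.00M  used = 0.00M  free = 2048.00M  (encrypted)'
SAMPLE_PMSET=' hibernatemode        3
 sleep                10'

main() {
    if command -v pmset >/dev/null 2>&1; then
        classify "$(sysctl vm.swapusage 2>/dev/null)" "$(pmset -g)"
    else
        classify "$SAMPLE_SWAP" "$SAMPLE_PMSET"
    fi
}
main
```

Run it on the Mac itself to check the live values; the check is only as good as the two settings it reads, so it says nothing about data still sitting in RAM while the machine is awake and unlocked.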

Jezza

Thanks so much for all these useful answers - really appreciate the speed of your response!

A few points below:

Quote from: "greg"
Quote
3- I understand that there are lots of requests for timed or screensaver/sleep-triggered auto-locks (many messages from 2010 in forum) but this does not seem to have been implemented (yet?) as I could not see any mention of it in the app or help file. I understand the complexities of it (if a document from an encrypted folder is open, etc.) and the usual answer seems to be "to enable the sleep/screensaver password in the Security System Preferences" (which I already do). I completely understand the rationale behind this: if a thief resets my user password to be able to login (will need to log off/restart) or access the HDD from another machine, they won't be able to access my RAM, which is where the decrypted information resides.
However my question is with regards to the sleepimage file, which - as I understand - contains a dump of the RAM to disk. Does this mean that the Espionage-protected data (all unlocked folders) will implicitly be dumped in its RAM-DEcrypted state to disk as part of the overall RAM dump/copy?

4- If the above is true. Is it sufficient to set the Security System Preference "Use Secure Virtual Memory" to true to be protected (i.e. the unlocked Espionage folders will be dumped in their decrypted state as part of the overall RAM, which is in turn fully encrypted somehow by Mac OS)?

Correct, make sure that's checked. I believe (but am not 100% sure) that this is the default on 10.7 and later.


From what I remember reading yesterday (I read a lot while researching all that security business!...), it could be that the default is different in 10.6 for laptops (encrypted by default) and desktops (non-encrypted by default) - not sure about 10.7 but I would suggest people check their own settings.

Quote from: "greg"
Quote
5- In terms of backup, there should not be any of the problems above: if I keep to the recommendation of either using the built-in backups or ensure that the folders are locked when running the backup, only the encrypted data should be copied?

You can go ahead and run backups even while the folders are unlocked as per the reasoning above (so long as the backup program does not backup the decrypted data by traversing the symbolic link/alias). The reason we recommend running third-party backups while the folder is the same locked state as during the previous backup is to optimize the efficiency of the backup because the hidden disk image is moved each time the folder is locked or unlocked (see here for details).

Just a question here: how would I make sure that the backup program (I use SuperDuper) does not traverse the symlink?

Quote from: "greg"
Note that the answers to these questions will likely be quite different in the next major release of Espionage.

Leaving us a bit on a cliffhanger here! ;)
Any more indications as to what could be different?
And when the next major release is due?

Should I worry about having to change my whole Espionage set up soon once the new version comes out?

greg

Quote from: "Jezza"
Just a question here: how would I make sure that the backup program (I use SuperDuper) does not traverse the symlink?

You could check SuperDuper's backup settings for that, however I personally recommend, especially if using SuperDuper!, that you simply lock all folders prior to running it. This will make any potential restorations that you do super-simple with Espionage. Everything will "just work". You can tell Espionage to lock all folders by quitting all encrypted apps and then choosing "Lock All Folders" from the Espionage icon in the menubar prior to backing up with SuperDuper.

Quote from: "Jezza"
Leaving us a bit on a cliffhanger here! ;)
Any more indications as to what could be different?
And when the next major release is due?
Should I worry about having to change my whole Espionage set up soon once the new version comes out?

I know this is probably not the answer you're looking for, but I would say do not worry about the answers to these questions for now. ;)
Follow @espionageapp@twitter.com or @espionage@mstdn.io for news and updates!
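To make the symlink point from the exchange above concrete, here is an added example for this thread (not Espionage's or SuperDuper's code, and it does not use either program). It builds a scratch layout of the kind the answers describe: a hidden disk-image file standing in for the ciphertext, a mounted volume holding the decrypted view, and a visible folder that is a symlink to that volume. It then takes two backups with plain `cp`, one that follows symlinks (`-RL`) and one that preserves them (`-RP`), and checks which copy contains plaintext. All paths and contents are constructed for the demo; `cp -RL`/`-RP` stand in for whatever "follow symlinks" option a backup tool offers.

```shell
#!/bin/sh
# Added example (not from the thread, Espionage or SuperDuper).

# Build the fixture under scratch dir $1 (all names are constructed).
setup_fixture() {
    mkdir -p "$1/home/Documents" "$1/home/.images" "$1/Volumes/Secret"
    # stand-in for the hidden encrypted sparse image: opaque bytes, no plaintext
    printf 'OPAQUE-CIPHERTEXT-BYTES' > "$1/home/.images/Secret.sparsebundle"
    # what the mounted image exposes while the folder is unlocked
    printf 'my plaintext secret\n' > "$1/Volumes/Secret/notes.txt"
    # the folder the user (and the backup tool) sees: a link to the mount
    ln -s "$1/Volumes/Secret" "$1/home/Documents/Secret"
}

# Copy $1/home into $2. $3 is "follow" (descend into symlinks, cp -RL)
# or "preserve" (copy the link itself, cp -RP).
backup() {
    rm -rf "$2" && mkdir -p "$2"
    if [ "$3" = follow ]; then
        cp -RL "$1/home" "$2"
    else
        cp -RP "$1/home" "$2"
    fi
}

# Return 0 if any regular file under backup dir $1 holds the plaintext marker.
# find -type f does not follow symlinks, so a preserved link is not a hit.
backup_leaks_plaintext() {
    hits=$(find "$1" -type f -exec grep -l 'my plaintext secret' {} + 2>/dev/null)
    [ -n "$hits" ]
}

main() {
    scratch=$(mktemp -d)
    setup_fixture "$scratch"
    for mode in follow preserve; do
        backup "$scratch" "$scratch/backup-$mode" "$mode"
        if backup_leaks_plaintext "$scratch/backup-$mode"; then
            echo "$mode: backup contains decrypted data"
        else
            echo "$mode: backup holds only the hidden image and the link"
        fi
    done
    rm -rf "$scratch"
}
main
```

The "follow" copy is exactly the failure the thread warns about: the tool never sees an encrypted image, it just sees a folder full of files. The "preserve" copy carries the opaque image plus a link, which is why locking all folders first (so the visible folder is no longer a link into a mounted volume) is the simplest way to get a restore that "just works".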