[Discuss] Full disk encryption and backups

Richard Pieri richard.pieri at gmail.com
Tue Jan 3 20:02:23 EST 2012


On Jan 3, 2012, at 5:59 PM, Edward Ned Harvey wrote:
> 
> In FileVault, you have whole disk encryption, and in Time Machine, you have
> backup disk encryption too.

Time Machine does no encryption whatsoever.

FileVault encrypts home directories in disk images similar to TrueCrypt container files.  These are dumped as-is to Time Machine volumes so these at least are encrypted.  This is why Apple created the sparsebundle, because sparseimages were clobbering Time Machine in 10.4.  In 10.5, only the changed bands within the sparsebundle are dumped.  These disk images are troublesome to restore: either you restore the entire disk image or you mount the image and pluck out files by hand.

FileVault 2 is WDE.  FileVault 2 can be used to encrypt entire Time Machine volumes.  But this means decrypting on reads from the source volume and re-encrypting on the target volume.

All exactly as I wrote.

--Rich P.



