9to5mac9to5mac wrote:FileVault has been included in Macs by Apple since the release of Panther many years ago. In Apple’s most recent release, OS X Lion, they included FileVault 2 which brought new ways of encryption. FileVault lets you encrypt your entire drive with a master password to protect key-chain passwords, files, and more. FileVault 2 uses a separate partition to store the FileVault log-in information.
Cnet points us to a new report from password recovery company Passware, who claims they can decrypt Apple’s FileVault 2 in under 40 minutes. Obviously, this is a big concern because FileVault contains so much of user’s information.
PassWare decrypts FileVault by going in through the system’s firewire connection and using live-memory analysis to extract the encryption key from the FileVault partition (so the machine must assumably be running?). From there you can uncover keychain files and log-in passwords which can be used to unlock the whole HDD/SSD.
PassWare conveniently makes PassWare 11.3 available to do this, but you’ll have to throw down a lofty $995 to get the software. PassWare makes this software primarily available for law enforcement.
DMA seems to cause more problems than it is worth to me. I'm waiting for SEDs to come down in price.
