Time Machine and encryption in OS X

In case you use Time Machine in Leopard and were wondering how it worked: the default for Time Machine is to back up your data to an external drive, with no encryption or protection at all. Essentially, this means anyone with a Mac can grab your external drive and use their own Time Machine to restore your data to their own computer.

It seems possible to enable FileVault encryption for use with Time Machine, but it also seems pretty messy, and only works if your entire home directory is encrypted.

Some details are given in this MacOSXHints.com article: “How to use Time Machine with FileVault”. Apparently, even when it’s working, Time Machine backs up FileVault volumes only at the moment when the owner of the volumes is logging out [what?!?].

By the way, speaking of FileVault encryption, here’s an interesting claim by VileFault, which is software hosted by Google Code: “VileFault decrypts encrypted Mac OS X disk image files.”  Don’t believe it?  Have a look at this presentation, which includes a demonstration of cracking a FileVault volume with “VileFault”, or this Chaos Communication Congress session on “Unlocking FileVault” via reverse engineering.

What does all this mean?  Well, if you lose your Time Machine external disk, or it gets stolen, and even if you’re using FileVault encryption, it means … All your Time Machine are belong to us.

12 thoughts on “Time Machine and encryption in OS X”

  1. Nice summary–this convinced me to take a hammer to my cheapo external HD that just died, instead of sending it back to the manufacturer.

  2. What you say !!

    Being able to brute-force attack at 2000 keys/sec on my FileVault doesn’t mean someone could someday recover my FileVault. With a 30-character-long strong password you should have a hard time trying to break my FileVault backup.

    I’m more concerned about spyware on my computer (if “somebody set up us the bomb”) breaking my FileVault password than about a program that can only make a brute-force attack on my encrypted disk image.

  3. Thanks thanz; glad to help.

    yogosototh: It’s true that your password would take longer to crack than some others (not everyone uses 30-character passwords), but it’s certainly not impossible, and that was the point.

  4. That’s not a point, that’s bull$#!+. Having to use a brute force attack is the best thing you can say about _any_ encryption. Do you know about any _real_ security holes in encrypted disk images on a Mac? And I am asking out of interest and worry, not to provoke. Seems your FUDdy post did the job on me :P.

    • Hi Thomas,

      First: I had to change a word in your post, since there is family content hosted here as well. I hope you don’t mind.

      Second: I found your post grating and almost deleted it, but that wouldn’t be fair. If you’re going to call me out for using “FUD”, shouldn’t you also point out what exactly it is that I’m trying to sell, propagate, etc.?

      Third, and perhaps most importantly: given this new information regarding Time Machine encryption, you would have no problem handing over one of your own, personal drives, with your personal data on it, and let someone else try their hand at using these tools to brute force the password?

      As I said earlier, the real point of my post was to spread the information I had just found (mind you: this was months ago) and to let people know that they shouldn’t trust an encryption scheme (_any_ encryption scheme) to protect their data when it’s out of their hands. If you consider that “fear mongering”, then it would be silly of you to visit most pages or sites related to security.

      • No worries, I just don’t believe in restraining my use of the language—and I bet you can guess how I would have usually put this :). I know I can be brutally blunt, but notice how I explicitly told you that I’m not here to provoke and the use of smileys to tone that down a bit.

        I called it FUD because it made me google for a _security_hole_ because your post made me think there is one. You wasted my time so I was grumpy :). Because I am relying on encrypted disk images to be safe. Apart from the bad taste in my mouth that nobody but Apple can look at the source code so there might be a backdoor anyway. Or a bug in the implementation that makes breaking it easier than it should be.

        But still, clearly you didn’t get the technical point. Encryption schemes ARE MADE so that ANYBODY CAN have your encrypted data WITHOUT being able to decrypt it, at least not in a feasible amount of time. From the oldest (very simple and cryptanalytically easily attackable) ciphers used to transport orders on the battlefield to modern ones like RSA and AES that are believed to be “safe”. Safe meaning brute force attacks are your only way to go. (And yes, I know there are cryptanalytical advances even for AES but they still don’t allow you to crack things in no time, very far from it.) All you have to do is pick a good password. As for handing over my data, of course not giving it away is just another brick in my security wall. But if anybody else got it anyway, I could still lean back and laugh straight into their faces. If you don’t trust your encryption scheme, what’s the point in using it? Go read about it. On any site or in any book related to security.

        P.S.: Although I subscribed to follow-ups I did not get a message. I did not investigate whether your blog machinery or my mail one is broken.

  5. Thanks, Thomas. Interesting points. Clearly, you don’t get the point that _I_ had made initially, as you seem to be repeating it to me as if it were your own. And in your latest smiley-riddled rant, you seem to contradict yourself in saying that there might be a hole about which you don’t know, yet you wouldn’t use an encryption scheme you don’t trust and would “still lean back and laugh straight into their faces” if someone were to obtain your data.

    I would apologize for wasting your time, if I had sought you out somehow and asked you directly to read, research, and comment on this post.

    If there is a problem on my end with email notification of comments, it would be directly via wordpress.com, as they host this blog.

  6. Thomas is right, you said losing a FV protected TM external meant your files can be read by whomever has the disk.

    It can’t. Not without a brute force attack or password guessing, which is the best you can ask of any classical encryption, except one-time pads.

    VileFault facilitates this but doesn’t get around needing a password, and even at 2000 keys/second, getting the plaintext will still take forever against a strong password.

    FV itself is NOT compromised. It’s safe against attackers in the general public, for the moment at least.

  7. Indeed, I got the same impression — that there is some exploitable hole that VileFault takes advantage of — from your article. So VF is just a brute-force attacker?

    And, okay, it’s been another year. Anything new on this front?

    • Indeed _what_? I don’t understand the question, nor the negative comments that have been posted in the 1.5 years since this post (I would hardly call it an “article”) was created, and there seems to have been quite a bit of inaccurate reads between the lines. It’s been a while, but I believe what I mentioned was that FileVault is not invulnerable, and that there were now tools being spawned for the sole purpose of cracking its encryption scheme. I never argued against the well-known fact that it would take days/weeks/months/years to crack a good, encrypted password, merely that it was possible. In fact, the true point of my post was to summarize what I had discovered regarding the underworkings of Time Machine backups, as well as FileVault encryption with Time Machine; the cracking stuff was merely an aside.

  8. Pingback: FileVault 2: Encryption in OS X Lion « A DeStefano Blog
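
The arithmetic behind the 2000 keys/sec figure debated in the comments above, as an added example that is not from the original post or any commenter. The alphabet sizes, the 100-year target, the machine count and the wordlist size are assumptions chosen for illustration.

```python
RATE = 2000  # guesses per second, the figure quoted in the comments
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Assumed character sets: a-z, a-zA-Z0-9, printable ASCII
ALPHABETS = {"lowercase": 26, "alnum": 62, "printable": 95}


def keyspace(length, alphabet_size):
    """Number of candidate passwords of exactly this length."""
    return alphabet_size ** length


def average_years(length, alphabet_size, rate=RATE, machines=1):
    """Expected search time for a uniformly random password (half the keyspace)."""
    guesses = keyspace(length, alphabet_size) / 2
    return guesses / (rate * machines) / SECONDS_PER_YEAR


def min_length(alphabet_size, target_years, rate=RATE, machines=1):
    """Shortest random password whose average search time reaches target_years."""
    length = 1
    while average_years(length, alphabet_size, rate, machines) < target_years:
        length += 1
    return length


def wordlist_hours(words, variants, rate=RATE):
    """Worst-case hours to try every wordlist entry with every mangling variant."""
    return words * variants / rate / 3600


if __name__ == "__main__":
    for name, size in ALPHABETS.items():
        for length in (6, 8, 12, 30):
            years = average_years(length, size)
            print(f"{name:10s} len={length:2d}  average {years:.3g} years")
    # How long must a random password be to hold for 100 years on average?
    print("lowercase, 1 machine:     ", min_length(26, 100))
    print("printable, 1 machine:     ", min_length(95, 100))
    print("printable, 1000 machines: ", min_length(95, 100, machines=1000))
    # A password that is a dictionary word plus simple mangling (constructed sizes)
    print("1M words x 100 variants:  ", round(wordlist_hours(1_000_000, 100), 1), "hours")
```

Both sides of the thread show up in the output: a short or dictionary-derived password falls in hours or days at this rate, while a random 30-character password is far outside any feasible search.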
