Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] Full disk encryption and backups



On Jan 3, 2012, at 5:59 PM, Edward Ned Harvey wrote:
> 
> In filevault, you have whole disk encryption, and in time machine, you have
> backup disk encryption too.

Time Machine does no encryption whatsoever.

FileVault encrypts home directories in disk images similar to TrueCrypt container files.  These are dumped as-are to Time Machine volumes so these at least are encrypted.  This is why Apple created the sparsebundle, because sparseimages were clobbering Time Machine in 10.4.  In 10.5, only the changed bands within the sparsebundle are dumped.  These disk images are troublesome to restore: either you restore the entire disk image or you mount the image and pluck out files by hand.

FileVault 2 is WDE.  FileVault 2 can be used to encrypt entire Time Machine volumes.  But this means decrypting on reads from the source volume and recrypting on the target volume.

All exactly as I wrote.

--Rich P.




BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org