This story is about full-disk encryption going bad, but it could just as easily be the hard drive dying, or another software bug that corrupts the disk.
If you have a Mac, get an AirPort Time Capsule. This gives you automatic, hourly backups. The importance of automatic cannot be overstated. If you have multiple Macs, they can all back up to the same Time Capsule.
You can save a little money using an external hard drive, but how often are you (or your family members) going to remember to plug it in and run Time Machine? Once a week?
I'm not generally a Mac fanboy but damn if the Time Capsule isn't the most it-just-works backup solution I've ever used. I really want to find a similar setup for my Windows boxes.
Also, however you handle your backups, set up a calendar reminder for every month or two to check that they're running as expected. (Backup drive isn't full, cloud service account hasn't expired, correct directories still being backed up, files restore as expected, etc. etc.) I do this monthly, and more months than not I find something to fix on one of the computers in the house. I run multiple types of backups from full disk images to incremental cloud backups, so a loss of any one wouldn't be catastrophic, but it's still a good thing to stay on top of. Just had a hard drive die last week actually, although ironically it was a backup drive...
Seconded. An AirPort Time Capsule is so worth the investment. I can't praise it enough and you can't get me to shut up about it. My wife and I had our MacBooks (our only computers) stolen this weekend and we are back up and running with new MacBooks with all our data intact. My only regret is not turning on FileVault, thinking it would make our computers slow.
> This story is about full-disk encryption going bad, but it could just as easily be the hard drive dying, or another software bug that corrupts the disk.
Not really. Those 4KB with the encryption key are EVERYTHING in full disk encryption. There's nothing equivalently important in unencrypted disks.
Yep, ultimately it boils down to "have automatic backups."
FDE further complicates things, though, as if the volume master key is corrupted everything is lost. If my hard drive dies, there's a decent chance that a data recovery shop can recover at least some of the data.
Or, if you are stingy and/or enjoy a bit of occasional sysadmin DIY, get a Linux box and configure it to look like a TC. There are plenty of tutorials out there, it's very easy.
My understanding was that you couldn't be held in contempt (presumably what they would charge you with) by simply exercising your right to remain silent (and not provide anything). Can someone comment on whether or not this is true?
With apologies to patio11, Backup backup backup BACKUP backup BACKUP. There are many, many bad things that can happen to your data, which can be mitigated with proper backups. Also test your backups.
Important even if you're not using FDE, but by design FDE makes any data corruption significantly worse. Not an Apple-specific problem, either. LUKS is actually specifically designed so that the master key is wrapped in a large all-or-nothing transform (anti-forensics) to make it exponentially harder to recover from a damaged header.
I'm not very familiar with FileVault, but does it not provide a recovery key when you set it up? (for writing down and stashing in a safe place or backing up to the cloud)
Every other FDE scheme I've ever seen does, accompanied by big scary "WRITE THIS DOWN. IF YOU LOSE IT, AND THEN YOUR DISK GETS CORRUPTED, YOUR DATA IS GONE FOREVER" warnings, and with good reason: yeah, if the master key sector is corrupted and you don't have a backup, you're screwed.
It does provide you with a recovery key, but that recovery key is useless if the file containing the volume master key is lost or corrupted (as happened here). In FileVault the recovery key is to protect you from losing your password, not from the system nuking the master key.
Usually, disk encryption is done by creating a master key, which is then encrypted again for every user that is allowed to access the disk, using the user's password in OS X's case.
This way, the user can never retrieve the master key, and access rights can be modified while keeping the master key, thus avoiding re-encryption of the drive if a new user is added, an old one removed, or one changes his/her password.
Downside: if the master key goes boom, so do the data, with no chance of any recovery.
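To make the slot layout described above concrete, here is an added toy model (not code from the thread, and not how any real FDE product is implemented): one volume master key, wrapped once per user with a key derived from that user's password. XOR with the KDF output plus an HMAC tag stands in for the AES key wrap a real scheme uses; what it shows is that any user's password recovers the same master key, that a password change never touches the bulk ciphertext, and that damaging the few bytes of wrapped key makes the correct password useless unless a copy of the header exists.

```python
import hashlib
import hmac
import secrets
from typing import List, Optional

KEY_LEN = 32  # 256-bit volume master key

def kdf(password: str, salt: bytes) -> bytes:
    """Password -> per-slot key (iteration count kept low for the demo)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 20_000, dklen=KEY_LEN)

def make_slot(master_key: bytes, password: str) -> dict:
    """Wrap the master key for one user. XOR with the KDF output plus an
    HMAC tag is a stand-in for the AES key wrap a real FDE scheme would use."""
    salt = secrets.token_bytes(16)
    k = kdf(password, salt)
    wrapped = bytes(a ^ b for a, b in zip(master_key, k))
    return {"salt": salt, "wrapped": wrapped,
            "tag": hmac.new(k, wrapped, "sha256").digest()}

def open_slot(slot: dict, password: str) -> Optional[bytes]:
    """Unwrap with one user's password; None if the integrity tag fails."""
    k = kdf(password, slot["salt"])
    tag = hmac.new(k, slot["wrapped"], "sha256").digest()
    if not hmac.compare_digest(tag, slot["tag"]):
        return None  # wrong password or damaged slot: same failure either way
    return bytes(a ^ b for a, b in zip(slot["wrapped"], k))

def unlock(header: List[dict], password: str) -> Optional[bytes]:
    """Any valid user password in any slot yields the single master key."""
    for slot in header:
        mk = open_slot(slot, password)
        if mk is not None:
            return mk
    return None

def change_password(header: List[dict], old: str, new: str) -> None:
    """Re-wrap the master key in place; the bulk ciphertext never changes."""
    for i, slot in enumerate(header):
        mk = open_slot(slot, old)
        if mk is not None:
            header[i] = make_slot(mk, new)
            return
    raise ValueError("no slot opens with that password")

def corrupt_header(header: List[dict]) -> None:
    """Flip one byte in every slot: the 'master key goes boom' case."""
    for slot in header:
        slot["wrapped"] = bytes([slot["wrapped"][0] ^ 0xFF]) + slot["wrapped"][1:]
```

A copy of the header dicts taken before `corrupt_header` runs still unlocks, which is the whole argument for backing up the key block separately from the data.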
If losing the master key (or the passphrase that decrypts it, at least) does not result in the data being gone forever then the encryption isn't worth much, now is it?
I have a feeling that $2000 recovery service would have basically said the same thing had they encountered a corrupt GPT record or HFS+ superblock in a fully unencrypted disk as well.
Misleading title, should be "When You Forget to Take Backups". FDE only (slightly) raises the stakes of not having backups by making a system (a little bit) more fragile.
OK, recently my recovery volume's HFSJ file system became corrupted in a way that prevented booting, similar to this story. Nothing could repair it, neither Apple's fsck_hfs (Disk Utility) nor Disk Warrior. I used dd to back up the recovery partition because I wasn't sure if it contained anything vital for unlocking the encrypted volume. And then I proceeded to nuke that partition (I actually formatted the volume from a Fedora live image, and that issues a trim command prior to the format; and I followed that up with removing the partition with gdisk, so for sure there is no Recovery HD volume data at all on this SSD).
Using a separate OS X boot volume I created a USB installer of El Capitan, booted that, went to Disk Utility, asked it to unlock the encrypted primary volume, using just the normal passphrase, and it worked. I then went back to the main menu to reinstall the OS; i.e. installing over the existing (newer) El Capitan installation. The installer took forever but it reinstalled the (older) OS version of El Capitan, created a new Recovery HD volume, and did not erase any of my data. And I could boot afterward.
So too bad this guy's blog doesn't accept comments or I'd tell him this directly and there's a pretty good chance his data can be recovered intact.
What I think is the Core Storage metadata on the primary volume contains an encrypted copy of the DEK. I mean, why put the only copy on another file system and partition? That's risky. I'm willing to bet how Apple does it is similar to a combined LVM+LUKS header, except they appear to duplicate the metadata at each end of the partition. In between that plaintext metadata is a (huge) pile of ciphertext which is the actual primary volume, OS + apps + user data.
It's really important both to back up the FDE keys and to have regular backups.
I lost a volume to BitLocker AES-XTS 256 earlier this year and luckily only lost a few days of work. I've since substantially improved my backups and even rotate a disk offsite weekly now.
What completely amazes me is how OS X doesn't warn users to back up that block, constantly, until it's done.
I use Arch, which is not beginner friendly, but the wiki states this in a big, red banner. I'd expect an end-user friendly OS to do the same once the password is set for the first time, and over and over again until the backup has been made.
Does Apple actually enjoy leaving all the user's data to chance?
The sad part about this story is that time machine backups on OSX are so stupid simple and easy that it's a tragedy he didn't have them set up.
It's an external USB drive I have plugged into my monitor. When I plug my laptop into the monitor at work it silently does its duty. I never even think about it until I need to recover a file that I just rm'd!
Sorry for being off-topic: my wife and I had our MacBooks stolen on the weekend and every ten minutes I think why in the hell didn't I have FileVault turned on. Our whole lives were on those laptops and I cannot even fathom what sort of fallout to expect with our data out there.
You probably already know this, but just in case not: if you had Find My Mac enabled on those MacBooks, you can lock or wipe them [1]. I've read somewhere that if you select "lock" first, you can't then do a wipe. Not sure about that, though. Good luck.
For my work computer I regularly clone the disk to an identical HDD in an external dock using CloneZilla. It runs at night. Along with incremental data backups I can swap in the cloned disk, copy in the diff and be up and running quickly. Just a tip :)
Or just design the FDE to store more than one copy of the encryption key.
Drives that claim to do encryption themselves have their own issues (like not actually using the user provided key for encryption and other crypto failures from developers & companies not familiar with how crypto is supposed to work).
electrum | 9 years ago
blfr | 9 years ago
If you're here, get a Tarsnap account. This gives you backups however you script them. They're versioned, deduplicated, and NSA-resistant.
taneq | 9 years ago
tempestn | 9 years ago
Veratyr | 9 years ago
sigjuice | 9 years ago
hobarrera | 9 years ago
Aqua_Geek | 9 years ago
toyg | 9 years ago
dredmorbius | 9 years ago
Time Machine likely makes sense for laptops, though it's got low storage capacity at the price.
jkot | 9 years ago
1) full disk encryption
2) the police take your laptop
3) after six months you are asked to decrypt the hard drive
4) you don't remember the 100-character password after all that time
5) you go to jail until you remember
peppaz | 9 years ago
http://www.nytimes.com/2016/05/06/technology/former-officer-...
matt_wulfeck | 9 years ago
ryan-c | 9 years ago
Analemma_ | 9 years ago
Aqua_Geek | 9 years ago
mschuster91 | 9 years ago
taneq | 9 years ago
pwnna | 9 years ago
This is true for LUKS on Linux as well. Destroy the LUKS header, and your data is now forever gone.
mehrdada | 9 years ago
chrismartin | 9 years ago
cmurf | 9 years ago
cmurf | 9 years ago
kogir | 9 years ago
magic5227 | 9 years ago
hobarrera | 9 years ago
matt_wulfeck | 9 years ago
sigjuice | 9 years ago
ridgeguy | 9 years ago
[1] https://support.apple.com/en-us/HT204756
subliminalpanda | 9 years ago
Gnarl | 9 years ago
grillvogel | 9 years ago
codys | 9 years ago
chadgeidel | 9 years ago
Aqua_Geek | 9 years ago
More details here: https://eprint.iacr.org/2012/374.pdf