Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

It should be noted that using FDE software like the built-in Filevault2 mitigates this leak.


Not if the Mac you're reading on (e.g. kiosk/library computer) is potentially compromised.


If you decrypt an encrypted filesystem on an untrusted computer, it's game over already then. And assume that your passphrase is compromised as well.


FileVault use largely happens on more or less insecure computers, so it is an interesting case.

It's game over if there was malicious software on the computer that cared to read your plaintext data, what about the rest of the cases?

Even for the library scenario it could be important: A whistleblower going to the library, sending off some leaked documents to journalists, and later having the MiB pick up the library computer for forensics.


> FileVault use largely happens on more or less insecure computers, so it is an interesting case.

That's not a good idea, an encrypted filesystem is only as secure as the computer you decrypt it on. Yes, of course, if you're carrying a USB drive around with you, it's strictly better that it's encrypted than not (protection against theft and loss), but it's not exactly difficult to imagine that a public computer should have malware installed.

For the leaker/whistle-blower scenario, disk encryption is your absolute last line of defence. When the MiB comes knocking, you absolutely want all your drives fully encrypted, but the vast majority of your security efforts should be spent on not getting identified in the first place. But what you don't want is for the MiB to find out that you're using the computers in a certain library, go there and install keyloggers and only come to your house once they have your passphrase.


it does? the entire premise is that this leaks encrypted data


Yes, it does. If you read through the researcher's post, they have an encrypted volume (VeraCrypt-style) which they mount on an otherwise unencrypted filesystem. Data can leak from inside the encrypted volume, to the cache location outside the encrypted volume.

If you're using Filevault2, the entire hard disk is encrypted, including the cache location.


Where exactly is this feature leaking the data to if FDE is turned on? To the encrypted /var directory? It could potentially leak from an encrypted external storage device to a non-encrypted /var on the boot drive, but if you use FileVault to encrypt the boot drive the “leak” would be from one encrypted drive to another. An issue to fix, but not a major story.


Yes, from encrypted non-system partitions or encrypted external drives to an unencrypted system partition.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: