[cryptography] Question About Best Practices for Personal File Encryption

Jeffrey Goldberg jeffrey at goldmark.org
Sun Aug 17 00:09:46 EDT 2014

On 2014-08-16, at 4:51 PM, David I. Emery <die at dieconsulting.com> wrote:

> On Sat, Aug 16, 2014 at 04:21:53PM -0500, Christopher Nielsen wrote:
>> The comment about Apple is simply false. Apple does not have a key to
>> FileVault2 unless you escrow your key with them. I know this because a dear
>> friend recently passed, and his family was not able to gain access to his
>> encrypted drives through Apple.
> 	You may be right or may not, but I certainly have to think that
> if there is a backdoor password to Filevault2 it is quite likely that
> Apple would not choose to disclose that fact to just some random user
> who had lost files due to forgotten passwords.

Right. We don’t know whether Apple escrows the key in the absence of
people asking them to, but we do know that they do offer to store a
“recovery” key when someone sets up FileVault2.

So an instance of Apple being able to help someone recover their FileVault2
data proves absolutely nothing.

I have spoken to people who specialize in forensics recovery for Apple
products and who have close relations to Apple. Those conversations lead
me to believe that there is no backdoor that they are aware of. Of course,
if there were, they would not reveal that information to me.

I do think, however, that if there are such backdoors, it would have
to be known to only a very small number of people. Too many of the people
who work on Apple security would blow the whistle. So it would have to
be introduced in such a way that most of the people who actually develop
these tools are unaware of the backdoors. It’s certainly possible, but
it does shift balance of plausibility.



More information about the cryptography mailing list