2012/11/02

FileVault2 (FDE) trvia

Interesting...

I configured my Mac to require me to enter the boot volume's FileVault2 passphrase before login; no automatic retrieval using an account's (less secure) login password.

This worked great, then at some point later, I added a second "Standard" account (for my Grandmother's iPad :) and the next time I booted (it's not that often; thanks for making a really stable OS, Apple) I noticed that this account was able to log in directly.

Hmm; somehow when the account was created, it glommed on to the FileVault2 passphrase - not nice.

System Preferences gave me no way to turn this off; interesting-er. Neither "Users & Groups" nor "Security" was any help; "Security" didn't even have this account listed via the "Enable Users..." button (toward the bottom).

To the Intertubes!

Here's an interesting article from IACR (International Association for Cryptologic Research) with lots of background: Infiltrate the Vault: Security Analysis and Decryption of Lion Full Disk Encryption. It didn't help solve this problem, though it was a useful read; thanks, IACR.

And the jackpot, at Krypted.comEncrypting Volumes in OS X Mountain Lion is how I found out about the "fdesetup" command. (That's "fde" as in "full disk encryption".)

(BTW: After disabling this new account (with "fdesetup remove"), I opened the "Security" preference pane and it is now listed (as disabled) where it previously wasn't shown at all.)

[2015/03/20 update: If the output of "fdesetup list" is empty, no users have the capability, and it's required (as desired) to enter the disk password before login.]

2012/05/23

DuckDuckGo Action for QuickSilver

A quick & dirty Applescript for a QuickSilver Action, to quickly do a web search with DuckDuckGo (AKA DDG), in the default browser:

using terms from application "Quicksilver"
 on process text ThisClipping
  tell application "Finder" to open location "http://duckduckgo.com/?q=" & ThisClipping
 end process text
end using terms from

Save the above as something like DDG.scpt, into "~/Library/Application Support/Quicksilver/Actions"; to make it your default, drag it above other Actions - such as "Search with Google".

Now:

  • Fire up QuickSilver as you normally would (ex: command-space).
  • Type a dot (if required) for free-form text entry.
  • Enter your query & press Return; done.
Any suggestions for improvement are most welcome!

(I miss Searchling, however this is pretty close!)