FileVault has been included in Macs by Apple since the release of Panther many years ago. In Apple’s most recent release, OS X Lion, the company included FileVault that brought new ways of encryption. FileVault lets you encrypt your entire drive with a master password to protect key-chain passwords, files, and more. FileVault 2 uses a separate partition to store the FileVault login information.
Cnet pointed us to a new report from password recovery company PassWare, who claimed it can decrypt Apple’s FileVault 2 in under 40 minutes. Obviously, this is a big concern because FileVault contains so much of users’ information.
PassWare decrypts FileVault by going in through the system’s firewire connection and using live-memory analysis to extract the encryption key from the FileVault partition (so the machine must assumedly be running?). From there, a user can uncover keychain files and login passwords that can be used to unlock the whole HDD/SSD.
PassWare conveniently makes PassWare 11.3 available to do this, but you will have to throw down a lofty $995 to get the software. PassWare makes this software primarily available for law enforcement.
Related articles
- Gamers beware: Steam’s database hacked, including encrypted credit card information and passwords (9to5mac.com)
FTC: We use income earning auto affiliate links. More.
Now I’ve been searching the answer to this question everywhere: is this only for cracking the internal drive or Filevault 2 enabled external harddrives.
Hey noob. That is NOT a brute force attack. I am offended that someone like you who knows nothing would write this report. Grabbing the password key off ram via FireWire ain’t shit. If someone pays $999 for that software they are a chump like you. You don’t even know what brute force means lamer!