Encryption lossage

Volume 10, Issue 138; 07 Dec 2007; last modified 08 Oct 2010

Encrypting some stuff seems like a good idea. Mail, for example. If you stole my laptop, you wouldn't find anything interesting in the 142,113 email messages therein, but I'd rather you didn't get to look. Just on principle. [Updated.]

On Linux, I had a couple of encrypted partitions (/home and /Mail). It caused a little heartburn across major upgrades, but it never failed to work and it never lost any data.

On the Mac, I think FileVault offers the same sort of functionality, but it doesn't seem to have a very good reputation. A very small amount of poking about on the net will find users with horror stories.

But the Mac can also make these encrypted, sparse disk images. So I created a 4Gb one, copied all my mail to it, reconfigured Gnus to use the new location, and all seemed well.

Then my Mac crashed. Game over. Power cycle, please.

When it came back, a not large, but non-trivial hunk of my mail archive was corrupted. Not only did it take a while to get things back into a state where Gnus would even show me the mail, after it would, it became clear that some tens of messages in some tens of folders are now random encrypted junk.

There are a few ways to recover from my mail backups, but none of them are pretty. I might just assume those missing messages weren't important. And I might go back to storing my mail without encryption.

Right now, I'm probably too mad to make a rational decision.

[Update: …several hours pass… I just couldn't stand it. I had to go back and recover from my backups. What a PITA. I may have lost some of my replies, but that's the best I can do, I think. Now I just have to delete all the spam again. And I'm not encrypting my mail anymore, at least not this afternoon. What's left of it.]

Comments

I've been using FileVault for something like 3 years, and it hasn't failed me. I've simply encrypted my home folder and it has worked fine. Backups can be tough because you end up with a single huge sparse file that you just can't copy onto certain filesystems (ie. FAT)... and occasionally OS X needs to reorganize the sparse file when you reboot, which can take a long time.

Contrast it all with Linux - I just got encryption support with LUKS and the device mapper on my Asus EEEPc. Had to rebuild the kernel and do all kinds of other nasty things to get that working (see here if you're really interested ;) Gutsy disk encryption is looking better than it did (now integrated into the window manager) but still has some annoying bugs (I can't reliably insert, remove and insert again an encrypted USB drive for example)

—Posted by John Kemp on 04 Jan 2008 @ 08:26 UTC #