
When Full-Disk Encryption Goes Wrong - Aqua_Geek
http://spaceisdisorienting.com/when-fulldisk-encryption-goes-wrong
======
electrum
This story is about full-disk encryption going bad, but it could just as
easily be the hard drive dying, or another software bug that corrupts the
disk.

If you have a Mac, get an AirPort Time Capsule. This gives you automatic,
hourly backups. The importance of automatic cannot be overstated. If you have
multiple Macs, they can all back up to the same Time Capsule.

You can save a little money using an external hard drive, but how often are
you (or your family members) going to remember to plug it in and run Time
Machine? Once a week?

~~~
blfr
_If you have a Mac, get an AirPort Time Capsule. This gives you automatic,
hourly backups._

If you're here, get a Tarsnap account. This gives you backups however you
script them. They're versioned, deduplicated, and NSA-resistant.

~~~
kristofferR
Arq is another great alternative, which combined with Amazon Unlimited Cloud
Storage, gives you the same benefits as Tarsnap for orders of magnitude less.

~~~
exhilaration
Are you talking about this? $59.99/year?
[https://www.amazon.com/clouddrive/home](https://www.amazon.com/clouddrive/home)

And while I've got your attention, 1) are Arq backups encrypted and 2) can it
back up via SSH to my own storage somewhere - like a cheap VPS with lots of
disk space?

~~~
Veratyr
1) Yes. The format and encryption specifics are even documented:
[https://www.arqbackup.com/arq_data_format.txt](https://www.arqbackup.com/arq_data_format.txt)

2) Yes. Although if you're after cheap space, Hetzner's storage boxes are the
cheapest $/GB I've seen
([https://www.hetzner.de/hosting/produktmatrix/storagebox-prod...](https://www.hetzner.de/hosting/produktmatrix/storagebox-produktmatrix)),
with Backblaze B2 close behind.

------
jkot
This is just another "I don't have a backup..." story. Let me provide a better
one:

1) full disk encryption

2) the police take your laptop

3) after six months you are asked to decrypt the hard drive

4) you don't remember the 100-character password after all that time

5) you go to jail until you remember

~~~
matt_wulfeck
My understanding was that you couldn't be held in contempt (presumably what
they would charge you with) by simply exercising your right to remain silent
(and not provide anything). Can someone comment on whether or not this is
true?

~~~
peppaz
[http://www.nytimes.com/2016/05/06/technology/former-officer-...](http://www.nytimes.com/2016/05/06/technology/former-officer-is-jailed-months-without-charges-over-encrypted-drives.html)

------
ryan-c
With apologies to patio11, Backup backup backup BACKUP backup _BACKUP_. There
are many, many bad things that can happen to your data, which can be mitigated
with proper backups. Also test your backups.

Important even if you're not using FDE, but by design FDE makes any data
corruption significantly worse. Not an Apple-specific problem, either. LUKS is
actually specifically designed so that the master key is wrapped in a large
all-or-nothing transform (anti-forensics) to make it exponentially harder to
recover from a damaged header.
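
Editor's added example, not code from ryan-c, cryptsetup or the LUKS project: the anti-forensic splitter that the comment above refers to. In LUKS1 each key slot stores the master key expanded into 4000 stripes by this construction (and then encrypted under the passphrase-derived key, which is omitted here). The split chains every stripe through a hash-based diffusion step, so a single flipped bit anywhere in the stripe region yields a different key on merge. The construction follows the AFsplitter paper; the chunk-counter detail inside `diffuse()` is an assumption of this example rather than a byte-for-byte copy of cryptsetup's routine.

```python
"""AFsplitter (anti-forensic information splitter) as used by LUKS1 key slots.

Added illustration, not cryptsetup's code. The master key is expanded into
`stripes` same-sized blocks (LUKS1 uses 4000) chained through a hash-based
diffusion function, so every byte of every stripe is needed to rebuild the key
and damage anywhere in the region destroys it. The chunk-counter chunking in
diffuse() is an assumption for this example.
"""
import hashlib
import os

HASH = hashlib.sha256
DIGEST_LEN = HASH().digest_size  # 32 bytes


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def diffuse(block: bytes) -> bytes:
    """H(block): hash each digest-sized chunk with a big-endian chunk counter
    prefixed, so the output has the same length as the input."""
    out = bytearray()
    for i, off in enumerate(range(0, len(block), DIGEST_LEN)):
        chunk = block[off:off + DIGEST_LEN]
        out += HASH(i.to_bytes(4, "big") + chunk).digest()[:len(chunk)]
    return bytes(out)


def af_split(key: bytes, stripes: int) -> bytes:
    """Expand `key` into `stripes` blocks: stripes 0..n-2 are random, stripe n-1
    is key XOR d, where d chains all earlier stripes through diffuse()."""
    if stripes < 1:
        raise ValueError("need at least one stripe")
    d = bytes(len(key))  # all-zero accumulator
    out = bytearray()
    for _ in range(stripes - 1):
        s = os.urandom(len(key))
        out += s
        d = diffuse(_xor(d, s))
    out += _xor(d, key)
    return bytes(out)


def af_merge(blob: bytes, key_len: int, stripes: int) -> bytes:
    """Inverse of af_split: recompute the chain over stripes 0..n-2 and XOR it
    out of the final stripe. Any corrupted byte changes the result."""
    if len(blob) != key_len * stripes:
        raise ValueError("blob length does not match key_len * stripes")
    d = bytes(key_len)
    for k in range(stripes - 1):
        d = diffuse(_xor(d, blob[k * key_len:(k + 1) * key_len]))
    return _xor(d, blob[(stripes - 1) * key_len:])


def damage_demo(key: bytes, stripes: int = 4000, flip_offset: int = 7) -> dict:
    """Split a key, flip one bit somewhere in the stripe area, and report whether
    the intact and the damaged blobs still merge back to the original key."""
    blob = af_split(key, stripes)
    damaged = bytearray(blob)
    damaged[flip_offset] ^= 0x01
    return {
        "stripe_bytes": len(blob),
        "intact_ok": af_merge(blob, len(key), stripes) == key,
        "damaged_ok": af_merge(bytes(damaged), len(key), stripes) == key,
    }


if __name__ == "__main__":
    # constructed input: a random 32-byte master key, 4000 stripes as in LUKS1
    print(damage_demo(os.urandom(32)))
```

The point of the 4000x expansion is the opposite of redundancy: a 32-byte key becomes 128,000 bytes in which no byte is recoverable from the others, so a dead sector in the key-slot area is fatal and an overwritten slot leaves nothing for forensic recovery. Hence the comment's advice: back up the header (`cryptsetup luksHeaderBackup`) as well as the data.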

------
Analemma_
I'm not very familiar with FileVault, but does it not provide a recovery key
when you set it up? (for writing down and stashing in a safe place or backing
up to the cloud)

Every other FDE scheme I've ever seen does, accompanied by big scary "WRITE
THIS DOWN. IF YOU LOSE IT, AND THEN YOUR DISK GETS CORRUPTED, YOUR DATA IS
GONE FOREVER" warnings, and with good reason: yeah, if the master key sector
is corrupted and you don't have a backup, you're screwed.

~~~
Aqua_Geek
It does provide you with a recovery key, but that recovery key is useless if
the file containing the volume master key is lost or corrupted (as happened
here). In FileVault the recovery key is to protect you from losing your
password, not from the system nuking the master key.

~~~
Analemma_
Ah, that's my misunderstanding then. I always thought the recovery key _was_
the volume master key, for the purposes of guarding against accidents like
this. Good to know that's not the case; I think I should go check up on my
backup solution now.

~~~
lloeki
You can generate a new recovery key anytime once the volume is
decrypted/booted:

    
    
        sudo fdesetup validaterecovery  # check
        sudo fdesetup changerecovery -personal  # change
    

Obviously this doesn't reencrypt the disk, so you can guess how it works.

------
pwnna
The upside of this is that if you want to very quickly destroy your data, all
you need to erase is the master key securely.

This is true for LUKS on Linux as well. Destroy the LUKS header, and your data
is now forever gone.
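
Editor's added example, not code from Apple, the blog author or any commenter: a toy model of the key hierarchy that the Analemma_/Aqua_Geek exchange, lloeki's `fdesetup changerecovery` note and pwnna's crypto-erase point all describe. Data is encrypted once under a random volume master key (VMK); the VMK itself exists only as wrapped copies, one per unlock secret. The three behaviours shown are that a recovery key only substitutes for a forgotten password, that changing the recovery key re-wraps the VMK without re-encrypting data, and that losing the wrapped-VMK metadata makes every secret useless, which is exactly why destroying it is a fast erase. Assumptions: PBKDF2-HMAC-SHA256 with an illustrative iteration count as the KDF, and an HMAC-SHA256 counter-mode keystream with encrypt-then-MAC standing in for a real AEAD so that only the standard library is needed. FileVault's and Core Storage's real formats differ.

```python
"""Toy full-disk-encryption key hierarchy (added illustration, not FileVault).

Data is sealed once under a random volume master key (VMK). The VMK is stored
only wrapped, once per unlock secret. KDF and cipher are stdlib stand-ins:
PBKDF2-HMAC-SHA256 and an HMAC-SHA256 counter-mode keystream + MAC.
"""
import hashlib
import hmac
import os
import secrets

PBKDF2_ITERS = 100_000  # illustrative, not FileVault's parameters


def derive_kek(secret: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, PBKDF2_ITERS, dklen=32)


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = bytearray(), 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), "sha256").digest()
        ctr += 1
    return bytes(out[:n])


def seal(key: bytes, plaintext: bytes) -> bytes:
    """nonce || ciphertext || HMAC tag (encrypt-then-MAC)."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()


def unseal(key: bytes, blob: bytes) -> bytes:
    if len(blob) < 48:
        raise ValueError("truncated blob")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, "sha256").digest(), tag):
        raise ValueError("wrong key or corrupt blob")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


class Volume:
    def __init__(self, password: str, data: bytes):
        vmk = secrets.token_bytes(32)
        self.salt = os.urandom(16)
        self.ciphertext = seal(vmk, data)  # bulk data, encrypted exactly once
        self.slots = {"password": seal(derive_kek(password, self.salt), vmk)}
        self.recovery_key = ""
        self._new_recovery_slot(vmk)

    def _new_recovery_slot(self, vmk: bytes) -> str:
        rk = secrets.token_hex(16)  # shown to the user once, to be written down
        self.slots["recovery"] = seal(derive_kek(rk, self.salt), vmk)
        self.recovery_key = rk
        return rk

    def unlock(self, secret: str) -> bytes:
        """Try every slot; return the VMK if some slot unwraps with this secret."""
        kek = derive_kek(secret, self.salt)
        for wrapped in self.slots.values():
            try:
                return unseal(kek, wrapped)
            except ValueError:
                continue
        raise ValueError("no usable key slot for this secret")

    def read(self, secret: str) -> bytes:
        return unseal(self.unlock(secret), self.ciphertext)

    def change_recovery_key(self, current_secret: str) -> str:
        """Like `fdesetup changerecovery`: needs an unlocked VMK and touches only
        the recovery slot; self.ciphertext is not rewritten."""
        return self._new_recovery_slot(self.unlock(current_secret))

    def corrupt_slot(self, name: str, offset: int = 20) -> None:
        """Flip one byte inside one wrapped VMK: that slot's MAC now fails."""
        b = bytearray(self.slots[name])
        b[offset] ^= 0xFF
        self.slots[name] = bytes(b)

    def destroy_key_metadata(self) -> None:
        """The story's failure and pwnna's deliberate erase are the same
        operation: with no wrapped VMK left, the ciphertext is unrecoverable."""
        self.slots.clear()
```

Usage: `v = Volume("correct horse", b"user data")`, then `v.read(v.recovery_key)` works while `v.read("wrong")` raises; after `v.destroy_key_metadata()` nothing unlocks it, however many recovery keys were written down. The recovery key protects the password slot, not the metadata that holds the slots; only a backup of the data (or of that metadata) protects against the latter.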

------
mehrdada
I have a feeling that $2000 recovery service would have basically said the
same thing had they encountered a corrupt GPT record or HFS+ superblock in a
fully unencrypted disk as well.

------
chrismartin
Misleading title, should be "When You Forget to Take Backups". FDE only
(slightly) raises the stakes of not having backups by making a system (a
little bit) more fragile.

------
cmurf
OK, recently my recovery volume's HFSJ file system became corrupted in a way
that prevented booting, similar to this story. Nothing could repair it, not
Apple's fsck_hfs (Disk Utility) nor DiskWarrior. I used dd to back up the
recovery partition because I wasn't sure if it contained anything vital for
unlocking the encrypted volume. And then I proceeded to nuke that partition (I
actually formatted the volume from a Fedora live image, and that issues a trim
command prior to the format; and I followed that up with removing the
partition with gdisk, so for sure there is no Recovery HD volume data at all
on this SSD).

Using a separate OS X boot volume I created a USB installer of El Capitan,
booted that, went to Disk Utility, asked it to unlock the encrypted primary
volume, using just the normal passphrase, and it worked. I then went back to
the main menu to reinstall the OS; i.e. installing over the existing (newer)
El Capitan installation. The installer took forever but it reinstalled the
(older) OS version of El Capitan, created a new Recovery HD volume, and did
not erase any of my data. And I could boot afterward.

So too bad this guy's blog doesn't accept comments or I'd tell him this
directly and there's a pretty good chance his data can be recovered intact.

~~~
cmurf
What I think is the Core Storage metadata on the primary volume contains an
encrypted copy of the DEK. I mean, why put the only copy on another file
system and partition? That's risky. I'm willing to bet how Apple does it is
similar to a combined LVM+LUKS header, except they appear to duplicate the
metadata at each end of the partition. In between that plaintext metadata is a
(huge) pile of ciphertext which is the actual primary volume, OS + apps + user
data.

------
kogir
It's really important both to back up the FDE keys and to have regular backups.

I lost a volume to BitLocker AES-XTS 256 earlier this year and luckily only
lost a few days of work. I've since substantially improved my backups and even
rotate a disk offsite weekly now.

------
magic5227
"When you forget to backup your files" seems more appropriate.

------
hobarrera
What completely amazes me is how OS X doesn't warn users to back up that block,
constantly, until it's done.

I use Arch, which is not beginner friendly, but the wiki states this in a big,
red banner. I'd expect an end-user friendly OS to do the same once the
password is set for the first time, and over and over again until the backup
has been made.

Does Apple actually enjoy leaving all the user's data to chance?

------
matt_wulfeck
The sad part about this story is that time machine backups on OSX are so
stupid simple and easy that it's a tragedy he didn't have them set up.

It's an external USB drive I have plugged into my monitor. When I plug my
laptop into the monitor at work it silently does its duty. I never even think
about it until I need to recover a file that I just rm'd!

------
sigjuice
Sorry for being off-topic: my wife and I had our MacBooks stolen on the
weekend and every ten minutes I think why in the hell didn't I have FileVault
turned on. Our whole lives were on those laptops and I cannot even fathom what
sort of fallout to expect with our data out there.

~~~
ridgeguy
You probably already know this, but just in case not: If you had Find My Mac
enabled on those MacBooks, you can lock or wipe them [1]. I've read somewhere
that if you select "lock" first, you can't then do a wipe. Not sure about
that, tho. Good Luck.

[1] [https://support.apple.com/en-us/HT204756](https://support.apple.com/en-us/HT204756)

~~~
sigjuice
Yes, I did this the minute I realized what had happened. Both my Macbooks and
my iPad are in the "Erase Pending" state. Not sure if I still get notified of
the location if the thieves replace or wipe the drives before ever connecting
to the Internet.

------
Gnarl
For my work computer I regularly clone the disk to an identical HDD in an
external dock using CloneZilla. It runs at night. Along with incremental data
backups I can swap in the cloned disk, copy in the diff and be up and running
quickly. Just a tip :)

------
grillvogel
this is why you use actual FDE drives if you want FDE and not a software
middleman. also what happened to the recovery key?

~~~
chadgeidel
Honest question. What is this you are referring to? I've never heard of a
"Full Disk Encryption Drive" and google isn't forthcoming.

~~~
jmiserez
There are HDDs and SSDs that do the encryption themself, rather than just
being a dumb storage medium. You need to unlock it with the password or key
when using it, and the disk will transparently encrypt and decrypt the
contents on reads/writes.

One problem is that you have to trust the disk (manufacturer/firmware) to do
this right. This is not so easy to verify yourself, and not all drives
claiming FDE are equally secure.
[https://en.wikipedia.org/wiki/Hardware-based_full_disk_encry...](https://en.wikipedia.org/wiki/Hardware-based_full_disk_encryption)

[https://vxlabs.com/2012/12/22/ssds-with-usable-built-in-hard...](https://vxlabs.com/2012/12/22/ssds-with-usable-built-in-hardware-based-full-disk-encryption/)

