7

When setting up FileVault 2 on a computer, you're presented with 2 recovery options - storing the recovery key with your iCloud account / Apple ID, and displaying the recovery key (for you to write down / save somewhere yourself). However, after doing some research, I found some posts that claim to be able to extract FileVault recovery keys from users' iCloud accounts, which makes me wonder if storing the recovery key with iCloud is the best solution. For a point of reference, I also looked at Apple's whitepaper on FileVault, which explains that the recovery key is protected by a "wrapping" key generated by hashing the responses to 3 security questions. Still, if this exploit's legit, as far as I can tell this would only matter if someone had physical access to your computer.

Given these two recovery options, which would be more secure?

  1. Store recovery key with iCloud
  2. Store recovery key in a password manager, where it's synced to multiple devices via a service like Dropbox

I'm currently thinking option 2 would be, because there's the extra layer of the password manager vault even if the file syncing service were compromised, but that might be equivalent to the wrapping key hashing Apple adds.

wisew
  • 71
  • 2
    Can you please clarify what you mean by more secure? I've worked in the IT Security field and I can tell you that people can debate for hours on what exactly it means to make something more secure. – Monomeeth Mar 29 '17 at 06:29
  • 1
    I store the key with apple because in my opinion I think this is the safest. When I write it down somewhere it is possible that someone will break in and find the code. When apples service is compromised, they still have to find my computer I think. When syncing with dropbox or another service, if that is compromised and the someone is able to access your vault, the problem would be the same – Jules Mar 29 '17 at 06:47
  • @Monomeeth Good question - in this case I mean something like, likelihood of being compromised by a third party. Originally I was thinking that Option 2 above would be more secure, because it entails multiple layers of encryption (first they'd have to compromise Dropbox, and then they'd have to find a way into my encrypted password manager vault). But, then, the flipside would be that the recovery key would be accessible from every device I sync my password manager to, sitting in memory unencrypted (assuming I've already decrypted the vault), which seems riskier. – wisew Apr 02 '17 at 21:01

3 Answers3

4

Saving it somewhere yourself is more secure as long as that somewhere else is memorized in your own brain. Otherwise the answer to this isn't static.

iCloud can have vulnerabilities and so can Dropbox. Knowing about some vulnerabilities only informs you about those that have become public. Right now we might possibly know about a vulnerability in iCloud, but tomorrow that could be patched and 12 vulnerabilities in Dropbox could be revealed.

I would consider them to be basically equal if you aren't going to memorize the recovery key.

As an aside, I don't memorize my own keys, I keep them in Dropbox using 1Password

dwightk
  • 7,619
  • 14
  • 47
  • 70
4

Which would be more secure?

The answer to this can only be determined by you

What you have to do is find the balance between usability and security and that balance can only be determined by what you are comfortable with.

It's not so much where you store your passwords/recovery keys/etc. but how you store them. There are many levels of encryption that you could employ from a basic AES-256 to using Steganography to embed triple encrypted salted and hashed keys.

The more complex you make it, the more secure; the cost being the more inconvenient it becomes to access your data. Likewise, the corollary is also true, the less complex the security, the less secure but the payback is easier access to your data.

So, what you have to do is a simple risk assesment:

  • The value of the data to you (i.e. what's it worth to you?)
  • The importance of the data (can you live without it?)
  • The cost of the data (how much did/would it cost you to (re)create?)
  • How accessible do you need it (every day, every year, once in a lifetime?)

Granted, this is a very abridged version, but should suffice for this scenario.

Use the answers to the question to see what makes the most sense keeping in mind that the moment you place the data on someone else's servers (meaning the cloud) you inherently introduce risk into the equation.

Ahh...but with that last statement, you might be thinking "I should store it offline." That's a possibility, but then you introduce the issue of losing your data should you misplace the device (i.e. USB flash) that you placed it on.

What do I do?

My critical stuff is on a USB that is disguised as an innocent looking object. It's backed up to another USB that is placed in a safe in an undisclosed location.

My "not so critical stuff" is encrypted, then put on a cloud provider for ease of access.

But, that's what works for me. YMMV

Allan
  • 101,432
1

Here is an example of how a disk recovery key can be extracted from iCloud to allow for decryption of your disk. In general, no real method is safer than the other. The convenience of iCloud makes it an acceptable place to store your recovery key. Remember if storing it in iCloud, there is no good way to browse and extract your key unless you follow the steps outlined here.

Other acceptably safe options include storing it in 1Password, Dropbox. Paper print outs of the recovery key are prone to being misplaced, at least with me.

ice.nicer
  • 141