by jcotton42
417 days ago
The way FileVault works nowadays, as I understand it, is that your user data (and maybe even much of the OS) isn't decrypted until you've put in your password on the login screen. This means that even if you devised a way to hijack the login screen, or sniff the keys coming out of the secure enclave, you'd still be stuck without the user's login password. Windows, by contrast, unlocks the entire OS drive before you get to the login screen. So, a hypothetical login screen hijack would let you get to everything, or cold boot attacks/sniffing keys coming from the TPM to the CPU. I'd argue the macOS version is better from a security aspect, but it has a necessary downside of being unable to load as much before the user can put in their password.