Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Which way is more secure? #230

sickamongthepure opened this issue Jun 18, 2017 · 3 comments


Copy link

commented Jun 18, 2017

I'm wondering which way of deploying FileVault is more secure:

  1. Turning on FileVault in System Preferences after installing macOS.

  2. Before installing macOS make encrypted partition in Disk Utility and then install macOS.

What do you think?

@sickamongthepure sickamongthepure changed the title Which way is the best? Which way is more secure? Jun 22, 2017

This comment has been minimized.

Copy link

commented Jun 22, 2017

It should encrypt automatically the partition before to install. Or it isn't?


This comment has been minimized.

Copy link

commented Jun 26, 2017

I think he is asking about encrypting the drive from the recovery/bootable Installer (i.e. Disk Utility -> Erase > Mac OS (Journaled, Encrypted) versus erasing it regularly and then encrypting it during system setup (or some point later).

I actually had the same question and was wondering if anyone knew the advantages/disadvantages of both.


This comment has been minimized.

Copy link

commented Jul 31, 2017

I looked at the seeding of Apple's PRNG a few years ago. Things might have changed since then. Back then, the PRNG had more entropy available in scenario 1 because of the recent reboot. So, just based on that knowledge, scenario 1 seems more secure.

@drduh drduh closed this in f2ccf95 Aug 25, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
3 participants
You can’t perform that action at this time.