This weekend I had reason to want to encrypt some files on my Mac. As well as my iCompta files, iCompta is a brilliant open source app for tracking finances, I also had some passwords in a text file. I don’t know what the passwords are for, but know that I must have considered them important at some point and if I delete the file then I will discover it’s secret about five seconds later.

So, how to encrypt them? Stick them in a folder and fire up Disk Utility. What? You don’t have a Mac?!? Cry me a river, I don’t care about Windows or Linux. Go on… get out of here. Good, they’re gone. Select the “new disk image from folder” option and select read/write and 256 bit encryption. Choose a password (don’t save it in your keychain – duh!).

You should now have a disk image that cannot be mounted without your password and will keep all of your files safe and sound (as long as you don’t leave it mounted permanently – duh!). Although this worked *almost* perfectly for my requirements (there are issues with Time Machine), I’m not sure of the implications of this approach on disk fragmentation, so if you are going to do this on large a file system, you might want to investigate further.

3 thoughts on “Lockdown

  1. Whats wrong with saving passwords in a keychain? It’s very easy to create other keychains to store secrets; they remain locked if they have a different password to your login password.

    Mind you, I don’t know what encryption is used on keychains – it should be at least the same as or greater than the other secret you’re protecting.

  2. If you save the password in the keychain and you get Mac-jacked, then the perp will get access to the encrypted disk image without being asked for the password, thus rendering all of your hard work useless.

    If you have a separate keychain then you just have to enter the password for that instead of the password for the disk image itself, therefore there is no benefit. However, since keychain uses a 512-bit key, it is more secure than a disk image alone. Some people set their keychain to lock after several minutes of inactivity, or upon resumption from sleep, as a way of preventing malicious access to *stuff* from their Mac, but I think this would get annoying REAL fast!

  3. I’ve been using 1Password, which integrates well with browsers as well as allowing you to store other info securely. There’s also going to be an online version so that you can access all your info from anywhere (if you trust them!).

Leave a Reply

Your email address will not be published. Required fields are marked *