iCloud – Which FileVault 2 recovery option is more secure: storing the recovery key in iCloud, or saving it somewhere yourself?

Tags: encryption, filevault, icloud, recovery, security

When setting up FileVault 2 on a computer, you're presented with 2 recovery options – storing the recovery key with your iCloud account / Apple ID, and displaying the recovery key (for you to write down / save somewhere yourself). However, after doing some research, I found some posts that claim to be able to extract FileVault recovery keys from users' iCloud accounts, which makes me wonder if storing the recovery key with iCloud is the best solution. For a point of reference, I also looked at Apple's whitepaper on FileVault, which explains that the recovery key is protected by a "wrapping" key generated by hashing the responses to 3 security questions. Still, if this exploit's legit, as far as I can tell this would only matter if someone had physical access to your computer.

Given these two recovery options, which would be more secure?

  1. Store recovery key with iCloud
  2. Store recovery key in a password manager, where it's synced to multiple devices via a service like Dropbox

I'm currently thinking option 2 would be, because there's the extra layer of the password manager vault even if the file syncing service were compromised, but that might be equivalent to the wrapping key hashing Apple adds.

Best Answer

Which would be more secure?

The answer to this can only be determined by you.

What you have to do is find the balance between usability and security and that balance can only be determined by what you are comfortable with.

It's not so much where you store your passwords/recovery keys/etc. but how you store them. There are many levels of encryption that you could employ, from basic AES-256 to using steganography to embed triple-encrypted, salted and hashed keys.

The more complex you make it, the more secure; the cost being that it becomes more inconvenient to access your data. Likewise, the corollary is also true: the less complex the security, the less secure, but the payback is easier access to your data.

So, what you have to do is a simple risk assessment:

  • The value of the data to you (i.e. what's it worth to you?)
  • The importance of the data (can you live without it?)
  • The cost of the data (how much did/would it cost you to (re)create?)
  • How accessible do you need it to be (every day, every year, once in a lifetime?)

Granted, this is a very abridged version, but should suffice for this scenario.

Use the answers to these questions to see what makes the most sense, keeping in mind that the moment you place the data on someone else's servers (meaning the cloud) you inherently introduce risk into the equation.

Ahh...but with that last statement, you might be thinking "I should store it offline." That's a possibility, but then you introduce the issue of losing your data should you misplace the device (i.e. USB flash) that you placed it on.

What do I do?

My critical stuff is on a USB that is disguised as an innocent-looking object. It's backed up to another USB that is placed in a safe in an undisclosed location.

My "not so critical stuff" is encrypted, then put on a cloud provider for ease of access.

But, that's what works for me. YMMV.