MacOS – Force FileVault to use 256-bit key encryption

filevault macos mojave

Is there a way to use 256-bit key encryption for the macOS system?

I’ve tried formatting the system partition myself as APFS with a bigger key size, but the macOS installer actually reverted this, as it now asks for the user password on the login screen, not the “disk password” on boot.

Best Answer

Most documentation I'm finding seems to indicate that the keys used in macOS 10.9 and higher are 256-bit by default.

Encryption and authentication support

FileVault 2 uses the Advanced Encryption Standard (AES) encryption algorithm, which delivers robust protection for stored data. Until mid-2013, it only supported the use of 128-bit keys, not 256-bit keys. Although 128-bit keys are technically acceptable in many environments, organizations are rapidly moving toward 256-bit keys to thwart emerging threats.

The latest versions of Mac OS X, starting with 10.9, support 256-bit AES keys, so organizations wishing to enable FileVault 2 on legacy systems should be cautious about the 128-bit key strength present in older Mac OS X versions, Lion (10.7) and Mountain Lion (10.8).

Reference: Apple FileVault 2: Full disk encryption software overview

This PDF and the Wikipedia page seem to indicate this as well.