Password Protection vs. Encryption

[Wade Garrett]

Some native Mac apps like Pages and Numbers have a "Set Password"
feature in the File menu.

After setting a password, is that file actually encrypted-- or just
password-protected?

[johnson]

encrypted (per Pages User Guide)

[Wade Garrett]

I sure couldn't find it in the Guide. Can you mention where?

[Wade Garrett]

Aha, I just found it!!

Thanks...

[Alan Browne]

https://support.apple.com/en-ca/guide/pages/tanca246d3ac/mac

--
“Donald Trump and his allies and supporters are a clear and present
danger to American democracy.”
- J Michael Luttig - 2022-06-16
- Former US appellate court judge (R) testifying to the January 6
committee

[Wade Garrett]

On 5/6/23 10:50 AM, Alan Browne wrote:
> On 2023-05-05 18:47, Wade Garrett wrote:
>> On 5/5/23 11:15 AM, johnson wrote:
>>> On 2023-05-05, Wade Garrett <wa...@cooler.net> wrote:
>>>> Some native Mac apps like Pages and Numbers have a "Set Password"
>>>> feature in the File menu.
>>>>
>>>> After setting a password, is that file actually encrypted-- or just
>>>> password-protected?
>>>
>>> encrypted (per Pages User Guide)
>>
>> I sure couldn't find it in the Guide. Can you mention where?
>
> https://support.apple.com/en-ca/guide/pages/tanca246d3ac/mac
>

Thanks.

--
The democracy will cease to exist when you take away from those who are
willing to work and give to those who would not.
- Thomas Jefferson

[Alan Browne]

On 2023-05-06 19:26, Wade Garrett wrote:
> On 5/6/23 10:50 AM, Alan Browne wrote:
>> On 2023-05-05 18:47, Wade Garrett wrote:
>>> On 5/5/23 11:15 AM, johnson wrote:
>>>> On 2023-05-05, Wade Garrett <wa...@cooler.net> wrote:
>>>>> Some native Mac apps like Pages and Numbers have a "Set Password"
>>>>> feature in the File menu.
>>>>>
>>>>> After setting a password, is that file actually encrypted-- or just
>>>>> password-protected?
>>>>
>>>> encrypted (per Pages User Guide)
>>>
>>> I sure couldn't find it in the Guide. Can you mention where?
>>
>> https://support.apple.com/en-ca/guide/pages/tanca246d3ac/mac
>>
>
> Thanks.

Once Apple introduced Keychain in the 90's, almost everything password
related went encrypted.

I personally wish that all files on Macs would be separately encrypted.
Then deleting a file (and its key) [after emptying the trash] would make
recovery impossible. (This is simplistic - implementation details would
be a little stickier).

[Joerg Lorenz]

Am 07.05.23 um 17:06 schrieb Alan Browne:

> On 2023-05-06 19:26, Wade Garrett wrote:
>> On 5/6/23 10:50 AM, Alan Browne wrote:
>>> On 2023-05-05 18:47, Wade Garrett wrote:
>>>> On 5/5/23 11:15 AM, johnson wrote:
>>>>> On 2023-05-05, Wade Garrett <wa...@cooler.net> wrote:
>>>>>> Some native Mac apps like Pages and Numbers have a "Set Password"
>>>>>> feature in the File menu.
>>>>>>
>>>>>> After setting a password, is that file actually encrypted-- or just
>>>>>> password-protected?
>>>>>
>>>>> encrypted (per Pages User Guide)
>>>>
>>>> I sure couldn't find it in the Guide. Can you mention where?
>>>
>>> https://support.apple.com/en-ca/guide/pages/tanca246d3ac/mac
>>>
>>
>> Thanks.
>
> Once Apple introduced Keychain in the 90's, almost everything password
> related went encrypted.
>
> I personally wish that all files on Macs would be separately encrypted.
> Then deleting a file (and its key) [after emptying the trash] would make
> recovery impossible. (This is simplistic - implementation details would
> be a little stickier).

You could create this yourself with reasonable effort albeit
circumventing the keychain. Flexible encrypted and password protected
containers can do exactly that.

At one time I considered to use them but since Apple offers
E2E-Encryption on iCloud I dismissed it.


--
Gutta cavat lapidem (Ovid)

[Alan Browne]

On 2023-05-07 11:45, Joerg Lorenz wrote:
> Am 07.05.23 um 17:06 schrieb Alan Browne:
>> On 2023-05-06 19:26, Wade Garrett wrote:
>>> On 5/6/23 10:50 AM, Alan Browne wrote:
>>>> On 2023-05-05 18:47, Wade Garrett wrote:
>>>>> On 5/5/23 11:15 AM, johnson wrote:
>>>>>> On 2023-05-05, Wade Garrett <wa...@cooler.net> wrote:
>>>>>>> Some native Mac apps like Pages and Numbers have a "Set Password"
>>>>>>> feature in the File menu.
>>>>>>>
>>>>>>> After setting a password, is that file actually encrypted-- or just
>>>>>>> password-protected?
>>>>>>
>>>>>> encrypted (per Pages User Guide)
>>>>>
>>>>> I sure couldn't find it in the Guide. Can you mention where?
>>>>
>>>> https://support.apple.com/en-ca/guide/pages/tanca246d3ac/mac
>>>>
>>>
>>> Thanks.
>>
>> Once Apple introduced Keychain in the 90's, almost everything password
>> related went encrypted.
>>
>> I personally wish that all files on Macs would be separately encrypted.
>> Then deleting a file (and its key) [after emptying the trash] would make
>> recovery impossible. (This is simplistic - implementation details would
>> be a little stickier).
>
> You could create this yourself with reasonable effort albeit
> circumventing the keychain. Flexible encrypted and password protected
> containers can do exactly that.

Of course. But that isn't the point.

Up until SSD's became common issue on Macs, when you deleted files there
was a mechanism (within Finder IIRC) to securely wipe the file if
desired. So for things of particular import you could be sure they were
not recoverable.

Apple removed this feature (even for spinning mass drives) at some point
to avoid over-writing to SSD's.

On iOS, OTOH, all files are separately encrypted - when they are deleted
so is the key. Not recoverable.

[Jolly Roger]

On 2023-05-07, Alan Browne <bitb...@blackhole.com> wrote:
> On 2023-05-06 19:26, Wade Garrett wrote:
>> On 5/6/23 10:50 AM, Alan Browne wrote:
>>> On 2023-05-05 18:47, Wade Garrett wrote:
>>>> On 5/5/23 11:15 AM, johnson wrote:
>>>>> On 2023-05-05, Wade Garrett <wa...@cooler.net> wrote:
>>>>>>
>>>>>> Some native Mac apps like Pages and Numbers have a "Set Password"
>>>>>> feature in the File menu.
>>>>>>
>>>>>> After setting a password, is that file actually encrypted-- or
>>>>>> just password-protected?
>>>>>
>>>>> encrypted (per Pages User Guide)
>>>>
>>>> I sure couldn't find it in the Guide. Can you mention where?
>>>
>>> https://support.apple.com/en-ca/guide/pages/tanca246d3ac/mac
>>
>> Thanks.
>
> Once Apple introduced Keychain in the 90's, almost everything password
> related went encrypted.
>
> I personally wish that all files on Macs would be separately
> encrypted. Then deleting a file (and its key) [after emptying the
> trash] would make recovery impossible. (This is simplistic -
> implementation details would be a little stickier).

Meh. I'm happy with FileVault, which encrypts the entire file system
using XTS-AES-128 encryption with a 256-bit key. And when I want to
encrypt individual items, I just throw them into an encrypted sparse
disk image. The two combined are highly secure and private.

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

[Jolly Roger]

On 2023-05-07, Alan Browne <bitb...@blackhole.com> wrote:

> On 2023-05-07 11:45, Joerg Lorenz wrote:
>> Am 07.05.23 um 17:06 schrieb Alan Browne:
>>>

>>> Once Apple introduced Keychain in the 90's, almost everything
>>> password related went encrypted.
>>>
>>> I personally wish that all files on Macs would be separately
>>> encrypted. Then deleting a file (and its key) [after emptying the
>>> trash] would make recovery impossible. (This is simplistic -
>>> implementation details would be a little stickier).
>>
>> You could create this yourself with reasonable effort albeit
>> circumventing the keychain. Flexible encrypted and password protected
>> containers can do exactly that.
>
> Of course. But that isn't the point.
>
> Up until SSD's became common issue on Macs, when you deleted files
> there was a mechanism (within Finder IIRC) to securely wipe the file
> if desired. So for things of particular import you could be sure they
> were not recoverable.
>
> Apple removed this feature (even for spinning mass drives) at some
> point to avoid over-writing to SSD's.

It's nowhere near as easy or effective to recover deleted data from
flash storage as it is from traditional hard drives due to the way
storage is controlled. So there's not much of a need to secure wipe
individual files, especially when the entire file system is encrypted
with FileVault.

> On iOS, OTOH, all files are separately encrypted - when they are
> deleted so is the key. Not recoverable.

Encryption and Data Protection overview
<https://support.apple.com/guide/security/encryption-and-data-protection-overview-sece3bee0835/web>
---
iOS and iPadOS devices use a file encryption methodology called Data
Protection, whereas the data on an Intel-based Mac is protected with a
volume encryption technology called FileVault. A Mac with Apple silicon
uses a hybrid model that supports Data Protection, with two caveats: The
lowest protection level Class (D) isn’t supported, and the default level
(Class C) uses a volume key and acts just like the FileVault on an
Intel-based Mac. In all cases, key management hierarchies are rooted in
the dedicated silicon of the Secure Enclave, and a dedicated AES Engine
supports line-speed encryption and helps ensure that long-lived
encryption keys aren’t exposed to the kernel operating system or CPU
(where they might be compromised). (An Intel-based Mac with a T1 or
lacking a Secure Enclave doesn’t use dedicated silicon to protect its
FileVault encryption keys.)
---

[Alan Browne]

As I said, "I wish" it were so, but I'm not esp. worried. (Yes my disks
are Filevaulted - saves the more drastic disposal steps).

[Alan Browne]

I don't disagree, however I still have spinning mass external drives.
And while they are Filevaulted, I'd still rather "securely" get rid of
some files while the volume exists. Thus I wish that feature were still
there.

>> On iOS, OTOH, all files are separately encrypted - when they are
>> deleted so is the key. Not recoverable.
>
> Encryption and Data Protection overview
> <https://support.apple.com/guide/security/encryption-and-data-protection-overview-sece3bee0835/web>

Well aware (okay - I might forget finer details).