
> Do they encrypt known CP files with the FileVault key and then compare?

This shouldn't work because if they had the key (which should be encrypted with the password) then they could also just decrypt the rest.

Somebody on IRC said that maybe the encrypted filesystem saves hashes of the files unencrypted, but not sure if Apple's FileVault does this.




Storing hashes of unencrypted files, would that allow FileVault to verify it was decrypted without error?


The correct order is hash then encrypt, exactly so you can't do that. Now I don't know if FileVault is doing this correctly, but hopefully it does.

Edit: So two people have downvoted me without explanation. Is what I'm saying wrong?


You could also hash, encrypt, then hash again if you wanted extra integrity without decrypting. This is technically done with HTTPS through the TCP hash.


> two people have downvoted me without explanation

Sadly, that is the new normal for HN (and I'll be downvoted for saying something like this).


You can't unhash, so you could never retrieve the original file again.


What do you mean? You obviously store the encrypted file together with the encrypted hash.


Then I guess me and the downvoters thought you meant hashing the files for encryption :)
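The two layouts debated in this thread, side by side, as an added example that is not part of any comment above and does not describe FileVault's actual on-disk format. All function names are hypothetical, and the SHAKE-256 keystream is a stand-in cipher assumed here so the code runs with the standard library alone.

```python
import hashlib
import hmac
import os

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in stream cipher (SHAKE-256 keystream), an assumption made so the
    # example needs only the standard library. Not for real use.
    ks = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def store_hash_in_clear(key: bytes, plaintext: bytes) -> dict:
    # Layout A (hypothetical): plaintext hash stored unencrypted beside the ciphertext.
    nonce = os.urandom(16)
    return {"nonce": nonce,
            "ct": keystream_xor(key, nonce, plaintext),
            "sha256": hashlib.sha256(plaintext).digest()}

def store_hash_then_encrypt(key: bytes, plaintext: bytes) -> dict:
    # Layout B (hypothetical): hash first, then encrypt hash and file together.
    nonce = os.urandom(16)
    blob = hashlib.sha256(plaintext).digest() + plaintext
    return {"nonce": nonce, "ct": keystream_xor(key, nonce, blob)}

def load_hash_then_encrypt(key: bytes, record: dict) -> bytes:
    # Decrypt, then use the recovered hash to confirm decryption went without error.
    # This catches a wrong key or corruption; resisting deliberate tampering
    # needs a keyed MAC or an AEAD mode instead.
    blob = keystream_xor(key, record["nonce"], record["ct"])
    digest, plaintext = blob[:32], blob[32:]
    if not hmac.compare_digest(digest, hashlib.sha256(plaintext).digest()):
        raise ValueError("wrong key or corrupted data")
    return plaintext

def matches_known_file(record: dict, known_hashes: set) -> bool:
    # Everything a party WITHOUT the key can compare against a known-file hash list.
    visible = list(record.values()) + [record["ct"][:32],
                                       hashlib.sha256(record["ct"]).digest()]
    return any(v in known_hashes for v in visible)

if __name__ == "__main__":
    key = os.urandom(32)
    sample = b"constructed sample file contents"  # constructed input
    known = {hashlib.sha256(sample).digest()}
    print("hash in clear matches:", matches_known_file(store_hash_in_clear(key, sample), known))
    print("hash-then-encrypt matches:", matches_known_file(store_hash_then_encrypt(key, sample), known))
```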



