Q&A: Security of encryption

Q How secure is an encrypted disk image that I might create using Disk Utility on my Mac? Could it be hacked into using a PC or Linux machine?

A When accessed through Disk Utility, you can choose between 128-bit and 256-bit AES encryption. Although either can probably be broken by a major security agency, for the likes of lesser mortals they are effectively completely secure when used properly, and with an unguessable passphrase.

As the whole disk image is encrypted, only a very serious attacker would even stand a chance of breaking into an encrypted disk image.

Whilst Windows and Linux can access disk images by various means, none of these can be used to bypass an encrypted disk image: because this is not just password-protected access, but all the data in the image are encrypted, there is no practical way around the encryption if you do not know the passphrase.

This is just as well, as the secure disk system supported by OS X, known as File Vault, depends on the same encryption scheme.

Comments The shell command version hdiutil, although it offers hundreds of other options and variations, still only supports the same two variants of AES, though. Details of hdiutil and other features of disk images are given in this article.

Updated from the original, which was first published in MacUser volume 28 issue 03, 2012.