Time Machine Encryption Specs

macos time-machine encryption

Apple documents it's cryptographic certifications online:

  • https://support.apple.com/en-us/HT201159

From the PDF for Crypto Officer on OS X 10.10 (these documents and evaluations happen after the OS is released, so look for 10.11 crypto certifications mid-winter to early spring) it states that

“FIPS Mode” is enabled all the time automatically without the need for installation, administration or configuration.

FileVault 2, Kerberos, Keychain Services, Software Update Services, Time Machine, VPN, and 802.1X are all FIPS 140-2 compliant

So, if you spend a lot of time reading those links - you'll see the the certification was done to Level 1 requirements. Nothing about Time Machine makes sense about network since it decrypts things to run. According to this Apple Support page, the encryption used on disk is XTS-AES 128 encryption

Related

Limit what a tethered iPhone internet connection can be used for
Unable to change function keys like before
Boot Camp "Can't install the software" error
After restoring my iPhone from an iCloud backup, all my photos are greyed out. How can I get them back?
Why does my iPhone not have any audio during phone calls?
Mac storage usage
As part of "nuking it from orbit", is it safe to reinstall the OS using Recovery?
Signing an App that includes Java fails
Automator service script ALWAYS launches application, disregarding conditional
Why does my iPhone still think I have 7gb of pictures on it even after I deleted all of them? [closed]
MBPr with El Capitan freezes at or right after login
Terminal Sub-pixel Rendering improvement?