For maximum FileVault2 security, why is hibernation recommended?

Solution 1:

  1. During normal use, the keys are stored in RAM, which makes them vulnerable to a DMA attack over FireWire or Thunderbolt (using something like Inception). This is an old set of attacks, and Apple does actually disable some of the functionality of those devices during some sleep modes (e.g., hibernatemode 25, which removes power from the RAM after dumping its contents to disk; for added security, you should also disable Fast User Switching, as it's another attack vector).

  2. That is the only thing that makes sense for Apple to do, since it's pretty trivial. More details might be culled from this analysis of FileVault 2, courtesy of a few security researchers from Cambridge.

  3. RAM can also be written to (see Inception) in order to bypass the actual password; dumping to disk and reloading on wake will ensure the contents are tamper-proof.
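As an added example (not part of the answer above): a small POSIX shell audit that parses `pmset -g` output and checks the settings that close the sleep-time DMA window. It checks `hibernatemode 25` from the answer and also `destroyfvkeyonstandby 1`, which the answer does not mention but is the real pmset key that tells macOS to discard the FileVault key on standby. The two `pmset -g` excerpts are constructed for offline testing; the `MultipleSessionEnabled` key in the comment is the assumed `defaults` key for Fast User Switching.

```shell
#!/bin/sh
# Added audit example, not from the original answer. Parses `pmset -g` text and
# reports whether hibernation is configured so RAM (and the FileVault key in it)
# is gone while the machine sleeps. Live use:  pmset -g | sh audit.sh --stdin

# Constructed `pmset -g` excerpt from a Mac on the defaults: safe sleep, RAM
# stays powered, FileVault key kept in memory while asleep.
SAMPLE_DEFAULT='System-wide power settings:
Currently in use:
 standby              1
 hibernatefile        /var/vm/sleepimage
 hibernatemode        3
 destroyfvkeyonstandby 0
 sleep                10'

# Constructed excerpt after: sudo pmset -a hibernatemode 25 destroyfvkeyonstandby 1
SAMPLE_HARDENED='System-wide power settings:
Currently in use:
 standby              1
 hibernatefile        /var/vm/sleepimage
 hibernatemode        25
 destroyfvkeyonstandby 1
 sleep                10'

# audit_pmset: read `pmset -g` text on stdin, print PASS/FAIL per setting and a
# final "verdict:" line; return 0 only when every check passes.
audit_pmset() {
    awk '
    # Setting lines look like "<key> <value>"; remember the first two fields of
    # every line and only look up the keys we care about.
    NF >= 2 { kv[$1] = $2 }
    function val(k) { return (k in kv) ? kv[k] : "unset" }
    END {
        fail = 0
        # hibernatemode 25: RAM is written to the hibernatefile and powered off
        # on sleep, so a Thunderbolt/FireWire DMA device has nothing to read.
        if (val("hibernatemode") == "25") print "PASS hibernatemode=25"
        else { print "FAIL hibernatemode=" val("hibernatemode") " (want 25: dump RAM to disk and power it off)"; fail = 1 }
        # destroyfvkeyonstandby 1: the FileVault key is discarded on standby, so
        # the passphrase must be re-entered on wake instead of the key being
        # restored from the sleep image.
        if (val("destroyfvkeyonstandby") == "1") print "PASS destroyfvkeyonstandby=1"
        else { print "FAIL destroyfvkeyonstandby=" val("destroyfvkeyonstandby") " (want 1)"; fail = 1 }
        print (fail ? "verdict: not hardened" : "verdict: hardened")
        exit fail
    }'
}

# Remediation (run as root). pmset keys are real; the defaults key for Fast
# User Switching is assumed:
#   sudo pmset -a hibernatemode 25 destroyfvkeyonstandby 1
#   sudo defaults write /Library/Preferences/.GlobalPreferences MultipleSessionEnabled -bool NO
case "${1:-}" in
    --demo)
        echo "== default settings =="; printf '%s\n' "$SAMPLE_DEFAULT" | audit_pmset
        echo "== hardened settings =="; printf '%s\n' "$SAMPLE_HARDENED" | audit_pmset ;;
    --stdin)
        audit_pmset; exit $? ;;
    *)
        echo "usage: $0 --demo | pmset -g | $0 --stdin" >&2 ;;
esac
```

`sh audit.sh --demo` runs both constructed samples; on a real Mac, `pmset -g | sh audit.sh --stdin` audits the live settings and exits non-zero if either check fails, which makes it usable from a configuration-management check. The trade-off of hibernatemode 25 is slower sleep and wake, since the whole of RAM is written out and read back.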