
I think the way macOS and Windows load stuff after login is a bit different though.

Since most macOS installations use FileVault by default, the login screen looks like it loads only stuff related to the login screen and not anything from the OS. Windows, on the other hand, seems to load more stuff in the spinning thingy screen that appears before the login screen.

For instance, if you disable FileVault on macOS, the OS seems to load before the login screen, and then when you input your login and password, it loads to the desktop instantly. That would be a better comparison to a Windows machine, I think.

That said, I am not sure if this is how things really work, but that's how it appears to work for me. Sorry if I spread any misinformation here :)



That would be an implementation deficiency. If Windows can be FDE and load faster than macOS, then the way macOS has implemented the FDE solution is suboptimal, if startup time is your primary measurement.

I personally don't have issues with startup times on my M2 Air or 5800X3D/Win11, both encrypted.


The way FileVault works nowadays, as I understand it, is that your user data (and maybe even much of the OS) isn't decrypted until you've put in your password on the login screen. This means that even if you devised a way to hijack the login screen, or sniff the keys coming out of the secure enclave, you'd still be stuck without the user's login password.

Windows, by contrast, unlocks the entire OS drive before you get to the login screen. So a hypothetical login screen hijack would let you get to everything, as would cold boot attacks or sniffing keys coming from the TPM to the CPU.

I'd argue the macOS version is better from a security aspect, but it has a necessary downside of being unable to load as much before the user can put in their password.
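
The trade-off described in the comment above, as an added example that is not part of the thread: a simplified key-hierarchy model in Python, not Apple's or Microsoft's actual implementation. The function names, the HMAC-based wrap and all sample values are assumptions constructed for illustration.

```python
import hashlib, hmac, os

def _stream(kek, n):
    # HMAC-SHA256 in counter mode: a stand-in for a real key-wrap cipher (assumption)
    blocks = (hmac.new(kek, b"enc" + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def wrap(kek, volume_key):
    # Encrypt the volume key under the key-encryption key and append an integrity tag
    ct = bytes(a ^ b for a, b in zip(volume_key, _stream(kek, len(volume_key))))
    return ct + hmac.new(kek, b"mac" + ct, hashlib.sha256).digest()

def unwrap(kek, blob):
    # Return the volume key, or None if the key-encryption key is wrong
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(kek, b"mac" + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _stream(kek, len(ct))))

def kek_hardware_only(hw_secret):
    # Design A: the hardware-released secret alone unlocks the volume before login
    return hashlib.sha256(b"hw-only" + hw_secret).digest()

def kek_hardware_and_password(hw_secret, password, salt):
    # Design B: the hardware secret is mixed with a password-derived key
    pw_key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return hmac.new(hw_secret, pw_key, hashlib.sha256).digest()

def simulate():
    hw_secret = os.urandom(32)   # constructed: what the security chip releases at boot
    salt = os.urandom(16)
    volume_key = os.urandom(32)
    blob_a = wrap(kek_hardware_only(hw_secret), volume_key)
    blob_b = wrap(kek_hardware_and_password(hw_secret, "correct horse", salt), volume_key)
    # Someone who holds hw_secret but not the login password:
    a_opens = unwrap(kek_hardware_only(hw_secret), blob_a) == volume_key
    b_opens = unwrap(kek_hardware_and_password(hw_secret, "guess", salt), blob_b) == volume_key
    # The legitimate user on the same machine:
    b_user = unwrap(kek_hardware_and_password(hw_secret, "correct horse", salt), blob_b) == volume_key
    return a_opens, b_opens, b_user

if __name__ == "__main__":
    print(simulate())
```

In design B nothing on the volume can be read until the password is entered, which is also why less can be preloaded before login.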



