What should be the order of MAC, encryption and authentication?
Encrypt then MAC. The MAC authenticates. Let Alice wants to send a message to Bob. If Alice were not a security expert she might try to mac then encrypt. What would happen? Well Bob would receive her message and he would try to read it. To do so Bob must first encrypt it before doing anything else. This is bad. He can check the MAC yet because the MAC is wrapped up inside the encryption. So Bob decrypts the message and now he is able to see the || MAC() So Bobputes the operation MAC() andpares his result to the one before him to ensure the integrity of the message (to make sure it was not tampered with). This might sound fine but the issue with this is that it violates the Cryptographic Doom Principle if you do anything before checking the authenticity of the message anything at all youre doomed. So basically if Alice does MAC then encrypt then Bob is forced to strip off the encryption before verifying the message wasn tampered with. This opens them up to attacks like the Padding oracle attack - Wikipedia s ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ If Alice does things correctly then the conversation looks like this Alice encrypts the message c = encrypt(m). Alice calculates the MAC of the cipher MAC(c). This MAC (message authentication code) is used to prove the integrity of the message. She appends them and sends them to Bob. c || MAC(c) Bob receives the message. He checks the MAC byputing MAC(c) himself andparing it to the one Alice sent. Then he decrypts c. m = decrypt(c). Now Bob knows the message and he knows it was not tampered with in transit.
What is Mac Extended Journaled encryption?
Mac OS Extended ( Journaled ) Uses the Mac format ( Journaled HFS Plus) to protect the integrity of the hierarchical file system. Mac OS Extended ( Journaled Encrypted ) Uses the Mac format requires a password and encrypts the partition.
Should we MAC-then-encrypt or encrypt-then-MAC?
Encrypt-then-MAC is what we should use or as I like to say verify-then-decrypt. There are theorems citation target s~mihir title s~mihir index 1 unique_id OeQgD going back twenty years on why encrypt-then-MAC gives us the security properties we need while MAC-then-encrypt does not. Do not use MAC-then-encrypt. Even if you make the correct choice Encrypt-then-MAC there are easy to make errors in implementing it that can break it. So do not implement this yourself unless there is no other choice. You are better off using an authenticated encryption mode such as GCM.
Would you recommend Time Machine for Mac OS X encrypted backups or some other 3rd party app?
You can say that Time Machine is enough if you don have to store too much or some over important data. When ites to scheduled backups synchronizing files on two different devices making bootable backups to create a clone of your hard disc to just pop right in your Mac Time Machine might not be enough. Especially if you run a business with a lot of precious information to be stored safely and on everyday basis. For those multiple purposes I use Get Backup s which has many features Time Machine lacks The ability to create the clone of your Mac so that in case of emergency you can always boot up from most recent clone and continue your work where you left it (with all your apps and data) on another Mac; The power to choose what when and where to backup - full system backup (Clone) on weekly basis along with more frequent backups of files you modify regularly (Backup Archive Sync). While Time Machine backs up your hard drive every hour and does not offer you the possibility to change the timetable to better fit your needs; Get Backup can automatically mount network devices and back up to them while Time Machine basically only backs up to locally mounted drives as the only network drive it can write to is Time Capsule. The major drawback to this is that backing up to a locally mounted drive requires the drive to constantly be together with theputer. It for you to choose the options but to make most of your backup plan it better to be safe than sorry. Choose to use every backup plan available to you. Time Machine + 3rd party app + Cloud storage will help to save your data from loss in any extreme situation.
Is it possible to encrypt Mac adress of a system with an image and decrypt it?
You cant encrypt the MAC but you can spoof it by using TMAC and other spoofing applications so that you wont be tracked. Hope this answers your question.
Is there an email client for Mac that will encrypt all your locally saved emails?
I don't know much of Mac software but I assume that your client saves all locally stored emails in the same directory. So you can just use any encryption tool that suits you best to encrypt all the emails. If you want to encrypt all emails in a single encrypted file you can use 7z with AES encryption for example.