
Sciuriware

macrumors 6502a
Original poster
Jan 4, 2014
650
126
Gelderland
Hi all,
I just upgraded 2 systems to 14.5.
One rebooted at completion without a single message or question.
The other did and announced a different encryption key for the disk.
I seem to remember that this happened exactly once before.
What's the difference? #1 is a MacBook M2, #2 is a Mac Studio M1.
Any ideas?
;JOOP!
 

chabig

macrumors G4
Sep 6, 2002
11,319
9,010
Here is an explanation. It explains that although you were presented with a new recovery key, you should validate it. For me, the new recovery key I got didn’t actually replace my original key.

 

Sciuriware

macrumors 6502a
Original poster
Jan 4, 2014
650
126
Gelderland
> Here is an explanation. It explains that although you were presented with a new recovery key, you should validate it. For me, the new recovery key I got didn’t actually replace my original key.

I get the feeling that APPLE only made things more complicated.
So I choose to store any key and/or password away, do not use iCloud and forget about everything.
Thanks anyway.
;JOOP!
 

Alameda

macrumors 65816
Jun 22, 2012
1,045
641
> I get the feeling that APPLE only made things more complicated.
> So I choose to store any key and/or password away, do not use iCloud and forget about everything.
> Thanks anyway.
> ;JOOP!

No, it doesn’t work perhaps the way you think.

In cryptographic systems, we have many, many keys. There are keys which protect other keys, for example. So your disk may be encrypted with a key, but that is not the key which Apple gives you. There are perfectly valid reasons for this, but suffice to say, if for some reason Apple believes that one of the key storage methods may potentially be compromised, it will change out that key, and if that key is user-facing, like in this case, it will present it to you. Other times, keys can be changed and you don’t know, because they are under the hood. If you look at Apple’s keychain manager, you’ll see loads of keys you never thought existed.
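
Added example, not part of the thread and not Apple's FileVault implementation: a generic model of the "keys which protect other keys" idea in the post above, showing how a user-facing recovery key can be replaced while the key that actually encrypts the disk stays the same. All names (`add_slot`, `rotate_recovery`, the sample secrets) are hypothetical, and the HMAC-based wrap is a standard-library stand-in for a real authenticated key wrap such as AES-KW.

```python
import hashlib, hmac, secrets

def kek_from(secret: str, salt: bytes) -> bytes:
    # Key-encryption key (KEK) derived from a user-facing secret.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 50_000)

def wrap(kek: bytes, key: bytes) -> dict:
    # Stand-in for an authenticated key wrap: HMAC-derived pad plus HMAC tag.
    nonce = secrets.token_bytes(16)
    pad = hmac.new(kek, b"enc" + nonce, "sha256").digest()
    ct = bytes(a ^ b for a, b in zip(key, pad))
    tag = hmac.new(kek, b"mac" + nonce + ct, "sha256").digest()
    return {"nonce": nonce, "ct": ct, "tag": tag}

def unwrap(kek: bytes, blob: dict) -> bytes:
    want = hmac.new(kek, b"mac" + blob["nonce"] + blob["ct"], "sha256").digest()
    if not hmac.compare_digest(want, blob["tag"]):
        raise ValueError("wrong secret for this slot")
    pad = hmac.new(kek, b"enc" + blob["nonce"], "sha256").digest()
    return bytes(a ^ b for a, b in zip(blob["ct"], pad))

def add_slot(volume: dict, name: str, secret: str, volume_key: bytes) -> None:
    # Each unlock method stores its own wrapped copy of the same volume key.
    salt = secrets.token_bytes(16)
    volume["slots"][name] = {"salt": salt, **wrap(kek_from(secret, salt), volume_key)}

def unlock(volume: dict, name: str, secret: str) -> bytes:
    slot = volume["slots"][name]
    return unwrap(kek_from(secret, slot["salt"]), slot)

def validate(volume: dict, name: str, secret: str) -> bool:
    # True only if the candidate secret really opens the named slot.
    try:
        unlock(volume, name, secret)
        return True
    except ValueError:
        return False

def rotate_recovery(volume: dict, password: str, new_recovery: str) -> None:
    # Re-wrap the unchanged volume key; the disk data is never re-encrypted.
    volume_key = unlock(volume, "password", password)
    add_slot(volume, "recovery", new_recovery, volume_key)

def demo():
    volume_key = secrets.token_bytes(32)          # constructed sample values
    volume = {"slots": {}}
    add_slot(volume, "password", "login-pw", volume_key)
    add_slot(volume, "recovery", "OLD-KEY", volume_key)
    rotate_recovery(volume, "login-pw", "NEW-KEY")
    return volume, volume_key
```

In this model, checking a displayed key with `validate` is the only way to know which recovery key the slot currently accepts.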
 

MacCheetah3

macrumors 68020
Nov 14, 2003
2,166
1,130
Central MN
🤔
Based on this tiny sampling, it’s a mobile vs. desktop Mac difference as my Mac mini generated a new key related to the macOS 14.5 (upgrade) install but the MBP apparently didn’t.

> Here is an explanation. It explains that although you were presented with a new recovery key, you should validate it. For me, the new recovery key I got didn’t actually replace my original key.

The new key validated (i.e., “true”).

> In cryptographic systems, we have many, many keys. There are keys which protect other keys, for example. So your disk may be encrypted with a key, but that is not the key which Apple gives you. There are perfectly valid reasons for this, but suffice to say, if for some reason Apple believes that one of the key storage methods may potentially be compromised, it will change out that key, and if that key is user-facing, like in this case, it will present it to you. Other times, keys can be changed and you don’t know, because they are under the hood. If you look at Apple’s keychain manager, you’ll see loads of keys you never thought existed.

Yes, although...


I didn’t change my user password (and I assume @Sciuriware didn’t as well). And the UID is fused into the Secure Enclave. Therefore, that seemingly leaves only a change to the methodology (i.e., algorithm) of the encryption, for which there are many valid reasons. Curiously, why wouldn’t it be necessary and implemented on all related Macs (e.g., only M1 series, only M1 base)? Is it essential for us, the users, to know? Nope, but it is a light head scratcher at the minimum.
 

Sciuriware

macrumors 6502a
Original poster
Jan 4, 2014
650
126
Gelderland
Thanks to everybody trying to make things clear.
Being a computer specialist myself, I can imagine that many 'ordinary' users feel like they are in a jungle this way.
Many good reasons to keep your passwords safe.
;JOOP!
 