Again, unless there is something Apple has implemented incorrectly, i.e., the encryption keys are not destroyed properly or in a secure manner, it’s not going to be possible to read the disk in any meaningful sense. Encrypting something means just that. If the key to decrypt it no longer exists, then it cannot be read.

It is in fact far more secure than other methods including reformatting and multiple pass 0 writes. With both of those it remains possible in some cases to recover data.
This!

It is absolutely amazing how many people don't understand how disk encryption works. Without the encryption key, the data is gone. Unless you think Apple can't implement encryption properly.

There is absolutely NO need to erase the drive like we used to. Writing zeros to an encrypted SSD is not necessary and just causes unnecessary wear on the drive.
 
If you’re playing around with the beta, please make sure you’re doing so on a spare or dedicated test machine. I’m running the developer beta on my spare 2018 15” MacBook Pro and wanted to test this out. Process was going smooth, until a reboot. Now the machine’s stuck at the Apple logo on boot. Getting into Recovery is not working. Going to see if I can use AC2 to recover it.
Sage advice. Thanks for giving users a practical heads up.
 
I will wait until security researchers prove that they cannot recover previously made data on the computer.

i wouldn’t consider this to be a security feature. you need to wipe a drive for that

i was thinking of this more as a convenience
 
i wouldn’t consider this to be a security feature. you need to wipe a drive for that

i was thinking of this more as a convenience
No, destroying the encryption keys is far more secure than a wipe. It’s possible to recover data from a wipe, even a full reformat. Doing both is ideal, but given the choice, destroying the keys is the winner.
You cannot recover, in any readable manner, data which has been encrypted without the key, and any tech for the foreseeable future cannot brute force the key.
 
No, destroying the encryption keys is far more secure than a wipe. It’s possible to recover data from a wipe, even a full reformat. Doing both is ideal, but given the choice, destroying the keys is the winner.
You cannot recover, in any readable manner, data which has been encrypted without the key, and any tech for the foreseeable future cannot brute force the key.
Huh?

No, you can't recover data from a wipe.

That's been something of a myth for quite a while.

Many many years ago, it was theoretically possible to recover some data from a hard drive that had been zeroed. Hard drive technology has changed significantly since then (and yes, I mean hard drive, that changed long before SSDs were ever a thing). It's still considered good practice to do a multiple-pass random data overwrite to wipe a hard drive, but it's really a bit of overkill to do more than one random-data pass on a hard drive built in the last decade or so, and even just zeroing it is good enough, there's just not enough shadow residual magnetism there on modern-ish hard drives.

And you're NOT going to recover data from a wiped (all bits set to 1) SSD.

Encrypted data on the other hand... It's hard, but throw enough computing resources at it for long enough and there's a decent chance of decryption, particularly since there's a decent chance that some bug in any encryption method made the key weaker than it theoretically should have been. And in the somewhat distant but easily foreseeable future (early quantum computers are already a thing) it's going to be easier.
 
Insta-deleting all personal files seems very useful for certain criminals.
We criminals have already had a similar feature for a while now. It’s called encrypting your device and then shutting it down. :D
 
As a computer techie that works for an electronics recycling/reselling company, I am pleased about this! I like how Windows 10 has a similar feature for if I am resetting a Windows laptop that has an SSD I can't wipe or replace, or something like that. Generally when we get Macs we have to remove the data on the hard drives/SSDs by completely wiping them; on the Intel iMacs we usually use our DOS-based KillDisk application (on bootable USB thumb drives) while on others I'll wipe the disk using a MacOS installer on a bootable USB thumb drive (in fact I recently made a couple of MacOS Big Sur installer thumb drives!) In some cases like with the MacBook Airs we'll often sell them with blank SSDs, so whoever buys them can install the MacOS and such on one, though for others like the pre-unibody MacBook Pros they'll have me swap the hard drive with a blank one and install a MacOS version on it.
 
Huh?

No, you can't recover data from a wipe.

That's been something of a myth for quite a while.

Many many years ago, it was theoretically possible to recover some data from a hard drive that had been zeroed. Hard drive technology has changed significantly since then (and yes, I mean hard drive, that changed long before SSDs were ever a thing). It's still considered good practice to do a multiple-pass random data overwrite to wipe a hard drive, but it's really a bit of overkill to do more than one random-data pass on a hard drive built in the last decade or so, and even just zeroing it is good enough, there's just not enough shadow residual magnetism there on modern-ish hard drives.

And you're NOT going to recover data from a wiped (all bits set to 1) SSD.

Encrypted data on the other hand... It's hard, but throw enough computing resources at it for long enough and there's a decent chance of decryption, particularly since there's a decent chance that some bug in any encryption method made the key weaker than it theoretically should have been. And in the somewhat distant but easily foreseeable future (early quantum computers are already a thing) it's going to be easier.
Whether you’re right or not regarding the safety of zeroing a hard disk, I don’t know enough, but I’ll stand corrected.
You’re wrong about encryption though. There are far too many variables involved and it’s definitely not possible within hundreds of centuries to brute force strong encryption at today’s and the foreseeable technology - anything else is theory still.
 
This sounds great! I wanted to wipe my 2018 MBA to give it away, and ended up having to do an Internet Recovery, which took it all the way back to Mojave, and so then I had to create an account and upgrade back to Big Sur, and now I still can't seem to get it to be account-less so it goes through the welcome screens. A clean data wipe would be much easier.
 
Insta-deleting all personal files seems very useful for certain criminals.
The files aren't deleted, it's the encryption key that is deleted. This isn't actually new. A remote "erase" through Find My works the same way.
 
Heh, one more step making macOS work and look just like iPadOS, or even iOS. I don’t care how Apple insists, macOS and iPadOS will eventually merge, and the only major difference is control.
My Mac is too old to support it (much less powerful too, long before Monterey), but I welcome this feature. I just want to see if Apple will eventually pull the trigger to ban apps from outside App Store to run.

Bringing iOS and MacOS together must surely lead into the walled garden, that seems obvious.
 
Without the decryption key, It is just garbage on the disk. There is no need to write over it.
I understand that that's the theory. Unfortunately, reality says that you need to rotate keys every few months or else a sufficiently determined hacker is going to discover your key through brute force and manage to decrypt your drive.

Given Apple is encrypting every file by default, I have to imagine it's not using a particularly intensive encryption, which means brute forcing this key probably won't take as long as it could.

Given the large amount of drives that will end up with this same encryption, hackers (white hat, black hat, or anything in-between) might even have reason to make dedicated hardware that's specialized just for finding the key and decrypting the drive.
 
But until Apple permanently removes the ability for users to disable SIP, if a user actually touches the system volume in any way (as part of their “normal operation”) then I doubt this feature will actually restore that. You can see if this feature works with just SIP disabled. I don’t have a new Mac so I couldn’t test.
This is what signing is for. The system can determine if the SSV was altered and this feature will probably not work if you've altered it. Haven't tried it, but there's no point to signing the volume if you don't need to verify its integrity.
 
I understand that that's the theory. Unfortunately, reality says that you need to rotate keys every few months or else a sufficiently determined hacker is going to discover your key through brute force and manage to decrypt your drive.

Given Apple is encrypting every file by default, I have to imagine it's not using a particularly intensive encryption, which means brute forcing this key probably won't take as long as it could.

Given the large amount of drives that will end up with this same encryption, hackers (white hat, black hat, or anything in-between) might even have reason to make dedicated hardware that's specialized just for finding the key and decrypting the drive.
I think you’ll find there are enough reasons already to break encryption without Apple’s tiny Mac market share. Everything is encrypted, and when the encryption is done right, modern standards are not broken or even breakable with today’s tech.
 
When can we use this feature?
I guess only when we sell our Mac. So my 2013 MBA and 2011 iMac could use it when I sell them.
So once/twice every 8-10 years.

thanks for saving me so much time ;)

(but can’t even use this since those computers are incompatible with the new OS).
 
This could be useful at the office. We had a guy who left under shady circumstances put a password on one of our MacBook Pros, and nobody can sign into it anymore and nobody was really sure how to wipe it effectively so we can reimage it for the person who replaced that user. He encrypted it too, and we're pretty sure he did all of this on purpose to annoy us in the wake of his departure.
 
The problem with backups is they could bring back potential problem areas in the OS. The second step with Apple support is telling you to do a fresh install and not from backup...
Oh, well all my files are backed up separate from the OS, I just assumed everyone around here did the same type of thing. Plus I think even Time Machine allows you to just restore files, doesn't it?
 
I understand that that's the theory. Unfortunately, reality says that you need to rotate keys every few months or else a sufficiently determined hacker is going to discover your key through brute force and manage to decrypt your drive.

Given Apple is encrypting every file by default, I have to imagine it's not using a particularly intensive encryption, which means brute forcing this key probably won't take as long as it could.

Given the large amount of drives that will end up with this same encryption, hackers (white hat, black hat, or anything in-between) might even have reason to make dedicated hardware that's specialized just for finding the key and decrypting the drive.
Apple uses AES-128 key based encryption. Best estimates that I have seen on the web put the time to crack an AES-128 encryption key at several BILLION years. Yes, as computing power increases, that will decrease. But significantly in our lifetime (and by then the increase in power will also allow for AES-256 encryption or something with even larger key).

The number of drives using the same encryption is irrelevant. Each drive is encrypted with its own key. I can't take the key from one computer and use it to decrypt another drive. Each drive has a unique key.

Remember, in the T2 & M1 computers (which we are talking about here), all encryption is handled by a dedicated part of the T2 or M1 chip. The decryption keys are stored in the Secure Enclave. So, unless someone has been able to break the Secure Enclave, the actual keys are unreadable outside of the T2/M1 chip.

FYI, .gov organizations all require FileVault turned on. Do you think they would trust something if it was as insecure as you seem to think it is?
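The key-destruction erase discussed in this thread (ciphertext stays on disk, each drive has its own key, and only the stored key is destroyed), as an added example that is not part of the original thread and not Apple's implementation. It uses HMAC-SHA256 in counter mode as a stdlib-only stand-in for AES; every function name, the `hw_key` model of a chip-held key, and the sample data are constructed for illustration.

```python
import hashlib, hmac, secrets

def prf(key: bytes, label: bytes, n: int) -> bytes:
    """Stand-in keystream: HMAC-SHA256 in counter mode (stdlib only, NOT AES)."""
    blocks = (hmac.new(key, label + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def create_volume(hw_key: bytes, plaintext: bytes) -> dict:
    """Encrypt under a fresh per-volume key; keep that key only in wrapped form."""
    vol_key = secrets.token_bytes(16)        # unique 128-bit key for this volume
    nonce = secrets.token_bytes(16)
    disk = xor(plaintext, prf(vol_key, b"data", len(plaintext)))
    return {
        "disk": disk,                        # ciphertext blocks as stored
        "tag": hmac.new(vol_key, disk, hashlib.sha256).digest(),
        "nonce": nonce,
        "key_slot": xor(vol_key, prf(hw_key, b"wrap" + nonce, 16)),
    }

def read_volume(hw_key: bytes, vol: dict):
    """Unwrap the volume key, verify the tag, decrypt; None if the key is wrong."""
    vol_key = xor(vol["key_slot"], prf(hw_key, b"wrap" + vol["nonce"], 16))
    expected = hmac.new(vol_key, vol["disk"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, vol["tag"]):
        return None
    return xor(vol["disk"], prf(vol_key, b"data", len(vol["disk"])))

def crypto_erase(vol: dict) -> None:
    """Overwrite only the 16-byte key slot; the ciphertext is left in place."""
    vol["key_slot"] = secrets.token_bytes(16)

def demo() -> dict:
    hw_key = secrets.token_bytes(32)         # models a key held inside the chip
    secret = b"constructed sample data: contents of a user file"
    a, b = create_volume(hw_key, secret), create_volume(hw_key, secret)
    before, disk_before = read_volume(hw_key, a), a["disk"]
    crypto_erase(a)
    return {
        "readable_before": before == secret,
        "disk_unchanged": a["disk"] == disk_before,
        "readable_after": read_volume(hw_key, a) is not None,
        "unique_ciphertext": a["disk"] != b["disk"],
        "other_volume_ok": read_volume(hw_key, b) == secret,
    }

if __name__ == "__main__": print(demo())
```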
 
No, destroying the encryption keys is far more secure than a wipe. It’s possible to recover data from a wipe, even a full reformat. Doing both is ideal, but given the choice, destroying the keys is the winner.
You cannot recover, in any readable manner, data which has been encrypted without the key, and any tech for the foreseeable future cannot brute force the key.

to clarify,

what i meant was that my interest in the feature was as a quick and convenient way to start a fresh install and wasn’t concerned about the security aspect one way or another

either way, you can certainly make data unattainable by writing over it enough times or physically destroying the drive

any encryption can theoretically be broken
 
Yes. Almost anything can be possible theoretically, in some future where the tech or means to do the suggested act has been invented.

Encryption based ignorance is strong in this thread.

indeed

i certainly never claimed to be an expert on the subject

as i said, my interest in the feature had nothing to do with security
 