FileVault recovery key redundant?

[gilbertm]

When activating FileVault, the user is prompted to either use iCloud for unlocking the encrypted disk or to write down a recovery key.

I'm wondering if the recovery key is redundant. As usual, Apple provides very little information.

I've found this:
"The recovery key is a code which can be used to unlock the disk if you forget your password."

And this:
"If you forget your password and lose the recovery key, all the data on your disk will be lost."

As I understand it, the recovery key would only be useful if I would forget my password. Storing the recovery in the same place as the password would be as useful as storing my password multiple times in the same place.

In other words, if I store my password securely, there's no need at all to write the recovery key down. It would be a dumb thing to do.

Or am I wrong? Is there a real or theoretical scenario (failed update, damaged hard disk, etc.) in which my password would be useless but the recovery key would be of help?

 

[NoBoMac]

Real/possible scenario: the FileVault entry for a user account gets corrupted.

FileVault has, in essence, a shadow password file that contains the hashed password for the user that is used to decrypt an intermediate encryption key (which is used to decrypt the master encryption key). One of the entries in this shadow file is an "account" for the recovery key. After five attempts to enter a password, you will be given the option to try the recovery key.

So, if the shadow file has an issue with the user, the fall-back is possibly available (assuming it is not corrupted as well).

 

[gilbertm]

Real/possible scenario: the FileVault entry for a user account gets corrupted.

FileVault has, in essence, a shadow password file that contains the hashed password for the user that is used to decrypt an intermediate encryption key (which is used to decrypt the master encryption key). One of the entries in this shadow file is an "account" for the recovery key. After five attempts to enter a password, you will be given the option to try the recovery key.

So, if the shadow file has an issue with the user, the fall-back is possibly available (assuming it is not corrupted as well).

Thank you for the answer.

OK, I can't say that I understand how the decryption works, but we're talking about a single file, I think. If this file gets corrupted in a certain way, the recovery key can be useful.

I assume that this is extremely unlikely, especially for ordinary and halfway careful users.

But if I'm uncomfortable with 1:1.000.000+ risks, I better write the recovery key down.

 

[KALLT]

Storing the recovery in the same place as the password would be as useful as storing my password multiple times in the same place.

I do not store my user password anywhere. Since it is only used for this purpose and nothing else and I need to use it multiple times a day, I do not see the need to store it anywhere. The recovery key provides for the emergency access in case I do forget my password or in the event I mistype it when I change it.

You can remove the recovery key in Terminal, it just is not an option in the GUI.

It would not be dramatic for me if in the unlikely cosmic event the password data gets corrupted so that I need to use the recovery key, since I will have backups of the entire data anyway.