Does changing the encryption password imply rewriting all the data?












48














Let's say I have 1 TB of data on a partition encrypted with BitLocker, TrueCrypt or VeraCrypt.



Does changing the encryption password imply rewriting all the data (i.e., will it take hours/days)?






windows encryption bitlocker disk-encryption







share|improve this question




















  • 1




    For the record: Windows Bitlocker has no procedure to explicitly "rewrite" data. You must decrypt and re-encrypt the disk
    – usr-local-ΕΨΗΕΛΩΝ
    Nov 23 at 11:05






  • 1




    Related to virtually wiping an entire encrypted disk by just erasing it's key, like some encrypting hard drives can do a nearly instantaneous "wipe" of terabytes
    – Xen2050
    Nov 23 at 13:05








  • 3




    Related to this (although neither answer mentions it): user-chosen passwords will be both too short, and have terrible entropy (too easily guessable). So the drive is encrypted with a good key... and then the encryption key is protected with a terrible one (ah well).
    – Clockwork-Muse
    Nov 23 at 19:13






  • 1




    @Clockwork-Muse Still better than encrypt them with the original short key.
    – gvgramazio
    Nov 23 at 19:59
















48














Let's say I have 1 TB of data on a partition encrypted with BitLocker, TrueCrypt or VeraCrypt.



Does changing the encryption password imply rewriting all the data (i.e., will it take hours/days)?






windows encryption bitlocker disk-encryption







share|improve this question




















  • 1




    For the record: Windows Bitlocker has no procedure to explicitly "rewrite" data. You must decrypt and re-encrypt the disk
    – usr-local-ΕΨΗΕΛΩΝ
    Nov 23 at 11:05






  • 1




    Related to virtually wiping an entire encrypted disk by just erasing it's key, like some encrypting hard drives can do a nearly instantaneous "wipe" of terabytes
    – Xen2050
    Nov 23 at 13:05








  • 3




    Related to this (although neither answer mentions it): user-chosen passwords will be both too short, and have terrible entropy (too easily guessable). So the drive is encrypted with a good key... and then the encryption key is protected with a terrible one (ah well).
    – Clockwork-Muse
    Nov 23 at 19:13






  • 1




    @Clockwork-Muse Still better than encrypt them with the original short key.
    – gvgramazio
    Nov 23 at 19:59














48












48








48


10





Let's say I have 1 TB of data on a partition encrypted with BitLocker, TrueCrypt or VeraCrypt.



Does changing the encryption password imply rewriting all the data (i.e., will it take hours/days)?






windows encryption bitlocker disk-encryption







share|improve this question















Let's say I have 1 TB of data on a partition encrypted with BitLocker, TrueCrypt or VeraCrypt.



Does changing the encryption password imply rewriting all the data (i.e., will it take hours/days)?






windows encryption bitlocker disk-encryption




windows encryption bitlocker disk-encryption






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 23 at 18:43









Run5k

10.7k72749




10.7k72749










asked Nov 22 at 14:52









Basj

755628




755628








  • 1




    For the record: Windows Bitlocker has no procedure to explicitly "rewrite" data. You must decrypt and re-encrypt the disk
    – usr-local-ΕΨΗΕΛΩΝ
    Nov 23 at 11:05






  • 1




    Related to virtually wiping an entire encrypted disk by just erasing it's key, like some encrypting hard drives can do a nearly instantaneous "wipe" of terabytes
    – Xen2050
    Nov 23 at 13:05








  • 3




    Related to this (although neither answer mentions it): user-chosen passwords will be both too short, and have terrible entropy (too easily guessable). So the drive is encrypted with a good key... and then the encryption key is protected with a terrible one (ah well).
    – Clockwork-Muse
    Nov 23 at 19:13






  • 1




    @Clockwork-Muse Still better than encrypt them with the original short key.
    – gvgramazio
    Nov 23 at 19:59














  • 1




    For the record: Windows Bitlocker has no procedure to explicitly "rewrite" data. You must decrypt and re-encrypt the disk
    – usr-local-ΕΨΗΕΛΩΝ
    Nov 23 at 11:05






  • 1




    Related to virtually wiping an entire encrypted disk by just erasing it's key, like some encrypting hard drives can do a nearly instantaneous "wipe" of terabytes
    – Xen2050
    Nov 23 at 13:05








  • 3




    Related to this (although neither answer mentions it): user-chosen passwords will be both too short, and have terrible entropy (too easily guessable). So the drive is encrypted with a good key... and then the encryption key is protected with a terrible one (ah well).
    – Clockwork-Muse
    Nov 23 at 19:13






  • 1




    @Clockwork-Muse Still better than encrypt them with the original short key.
    – gvgramazio
    Nov 23 at 19:59








1




1




For the record: Windows Bitlocker has no procedure to explicitly "rewrite" data. You must decrypt and re-encrypt the disk
– usr-local-ΕΨΗΕΛΩΝ
Nov 23 at 11:05




For the record: Windows Bitlocker has no procedure to explicitly "rewrite" data. You must decrypt and re-encrypt the disk
– usr-local-ΕΨΗΕΛΩΝ
Nov 23 at 11:05




1




1




Related to virtually wiping an entire encrypted disk by just erasing it's key, like some encrypting hard drives can do a nearly instantaneous "wipe" of terabytes
– Xen2050
Nov 23 at 13:05






Related to virtually wiping an entire encrypted disk by just erasing it's key, like some encrypting hard drives can do a nearly instantaneous "wipe" of terabytes
– Xen2050
Nov 23 at 13:05






3




3




Related to this (although neither answer mentions it): user-chosen passwords will be both too short, and have terrible entropy (too easily guessable). So the drive is encrypted with a good key... and then the encryption key is protected with a terrible one (ah well).
– Clockwork-Muse
Nov 23 at 19:13




Related to this (although neither answer mentions it): user-chosen passwords will be both too short, and have terrible entropy (too easily guessable). So the drive is encrypted with a good key... and then the encryption key is protected with a terrible one (ah well).
– Clockwork-Muse
Nov 23 at 19:13




1




1




@Clockwork-Muse Still better than encrypt them with the original short key.
– gvgramazio
Nov 23 at 19:59




@Clockwork-Muse Still better than encrypt them with the original short key.
– gvgramazio
Nov 23 at 19:59










2 Answers
2






active

oldest

votes


















78














No. Your password is used to encrypt only the master key. When you change the password, the master key is reencrypted but itself does not change.



(This is how some systems, such as BitLocker or LUKS, are able to have multiple passwords for the same disk: they still use a single master key for all data, but just store multiple copies of the master key encrypted with different passwords.)






share|improve this answer























  • Thank you very much! Would you have a link with details about that? Is the master key saved (encrypted by password) at the beginning (very first bytes) of the partition?
    – Basj
    Nov 22 at 14:58








  • 1




    I don't have any useful links at hand, but see Twisty's answer regarding that.
    – grawity
    Nov 22 at 18:17






  • 7




    Then the next question is obvious: is it possible to change the master key?
    – gvgramazio
    Nov 23 at 20:01










  • @gvgramazio: Possibly, but that should be a separate thread – and you should mention what specific fde program that you are using and on what OS. (It's possible technically, but there might not be any tools available to actually do it.) Also mention the reason why you think changing it might be necessary...
    – grawity
    Nov 24 at 13:08










  • The reason could be almost the same as why one wants to change the password. Maybe the password has been discovered, thus the master key has been discovered. Of course, one should have access to encrypted master key but maybe its possible. If one has the suspect that the master key has been discovered changing only the password has no effect.
    – gvgramazio
    Nov 24 at 13:13



















35














Grawity's answer is correct. Because encrypting data is a relatively expensive process, it makes more sense to create a single master key that does not change during the lifetime of the encrypted data. This master key can then in turn be encrypted by one or more secondary keys, which can then be flexibly changed at will.



For example, here's how BitLocker implements this (it actually uses three "layers" of keys):




  1. Data written to a BitLocker-protected volume is encrypted with a full-volume encryption key (FVEK). This key does not change until BitLocker is completely removed from a volume.

  2. The FVEK is encrypted with the volume master key (VMK) then stored (in its encrypted form) in the volume's metadata.

  3. The VMK in turn is encrypted with one or more key protectors, such as a PIN/password.


The following picture shows the process of accessing an encrypted system disk on a machine with BitLocker full volume encryption enabled:



Scheme of disk decryption



More information about this process can be found on TechNet.






share|improve this answer



















  • 9




    Note: this also means that if anyone inclined enough to get copy of decrypted FVEK while they had (perhaps legitimate) access will continue to have unrestricted access to encrypted data if they come into contact with that encrypted disk, no mater how many times you change your PIN/password/VMK. Which is rather unfortunate (IOW, most times you change your passphrase, you should instead be doing full backup/wipe/recreate with new passphrase/restore cycle manually if you want protection from such cases.)
    – Matija Nalis
    Nov 23 at 22:33










  • Quite true, though for this to be the case one would need either physical access or remote access with administrative rights. If an attacker has either of these...well, enough said.
    – Twisty Impersonator
    Nov 23 at 22:52






  • 2




    yes, I was thinking physical access. Full disk encryption in irrelevant from security perspective while machine is running and disk is unlocked, anyway. However, it is supposed to protect your sensitive data if machine is off and lost or stolen (think laptop in taxi or airport), tampered with (think maid paid to give access in hotel room while owner is out), or hardware-failed or about to be decommissioned - now you'll still have to do the degaussing, physical shredding and incinerating of hardware instead of just recycling it (or giving to employees or selling on ebay etc)
    – Matija Nalis
    Nov 23 at 23:14






  • 3




    @TwistyImpersonator The entire purpose of encrypting a disk is to protect your data when somebody has physical access. So the scenario is not moot; it is the whole point.
    – Lightness Races in Orbit
    Nov 24 at 0:14








  • 1




    @LightnessRacesinOrbit I realize that. My comment was made in the context of the suggested vulnerability of the VMK before encryption is complete. In that specific window of time, encryption does not protect against an attacker with physical access or remote admin rights.
    – Twisty Impersonator
    Nov 24 at 0:39













Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1377595%2fdoes-changing-the-encryption-password-imply-rewriting-all-the-data%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























2 Answers
2






active

oldest

votes








2 Answers
2






active

oldest

votes









active

oldest

votes






active

oldest

votes









78














No. Your password is used to encrypt only the master key. When you change the password, the master key is reencrypted but itself does not change.



(This is how some systems, such as BitLocker or LUKS, are able to have multiple passwords for the same disk: they still use a single master key for all data, but just store multiple copies of the master key encrypted with different passwords.)






share|improve this answer























  • Thank you very much! Would you have a link with details about that? Is the master key saved (encrypted by password) at the beginning (very first bytes) of the partition?
    – Basj
    Nov 22 at 14:58








  • 1




    I don't have any useful links at hand, but see Twisty's answer regarding that.
    – grawity
    Nov 22 at 18:17






  • 7




    Then the next question is obvious: is it possible to change the master key?
    – gvgramazio
    Nov 23 at 20:01










  • @gvgramazio: Possibly, but that should be a separate thread – and you should mention what specific fde program that you are using and on what OS. (It's possible technically, but there might not be any tools available to actually do it.) Also mention the reason why you think changing it might be necessary...
    – grawity
    Nov 24 at 13:08










  • The reason could be almost the same as why one wants to change the password. Maybe the password has been discovered, thus the master key has been discovered. Of course, one should have access to encrypted master key but maybe its possible. If one has the suspect that the master key has been discovered changing only the password has no effect.
    – gvgramazio
    Nov 24 at 13:13
















78














No. Your password is used to encrypt only the master key. When you change the password, the master key is reencrypted but itself does not change.



(This is how some systems, such as BitLocker or LUKS, are able to have multiple passwords for the same disk: they still use a single master key for all data, but just store multiple copies of the master key encrypted with different passwords.)






share|improve this answer























  • Thank you very much! Would you have a link with details about that? Is the master key saved (encrypted by password) at the beginning (very first bytes) of the partition?
    – Basj
    Nov 22 at 14:58








  • 1




    I don't have any useful links at hand, but see Twisty's answer regarding that.
    – grawity
    Nov 22 at 18:17






  • 7




    Then the next question is obvious: is it possible to change the master key?
    – gvgramazio
    Nov 23 at 20:01










  • @gvgramazio: Possibly, but that should be a separate thread – and you should mention what specific fde program that you are using and on what OS. (It's possible technically, but there might not be any tools available to actually do it.) Also mention the reason why you think changing it might be necessary...
    – grawity
    Nov 24 at 13:08










  • The reason could be almost the same as why one wants to change the password. Maybe the password has been discovered, thus the master key has been discovered. Of course, one should have access to encrypted master key but maybe its possible. If one has the suspect that the master key has been discovered changing only the password has no effect.
    – gvgramazio
    Nov 24 at 13:13














78












78








78






No. Your password is used to encrypt only the master key. When you change the password, the master key is reencrypted but itself does not change.



(This is how some systems, such as BitLocker or LUKS, are able to have multiple passwords for the same disk: they still use a single master key for all data, but just store multiple copies of the master key encrypted with different passwords.)






share|improve this answer














No. Your password is used to encrypt only the master key. When you change the password, the master key is reencrypted but itself does not change.



(This is how some systems, such as BitLocker or LUKS, are able to have multiple passwords for the same disk: they still use a single master key for all data, but just store multiple copies of the master key encrypted with different passwords.)







share|improve this answer














share|improve this answer



share|improve this answer








edited Nov 23 at 7:54

























answered Nov 22 at 14:56









grawity

231k35487544




231k35487544












  • Thank you very much! Would you have a link with details about that? Is the master key saved (encrypted by password) at the beginning (very first bytes) of the partition?
    – Basj
    Nov 22 at 14:58








  • 1




    I don't have any useful links at hand, but see Twisty's answer regarding that.
    – grawity
    Nov 22 at 18:17






  • 7




    Then the next question is obvious: is it possible to change the master key?
    – gvgramazio
    Nov 23 at 20:01










  • @gvgramazio: Possibly, but that should be a separate thread – and you should mention what specific fde program that you are using and on what OS. (It's possible technically, but there might not be any tools available to actually do it.) Also mention the reason why you think changing it might be necessary...
    – grawity
    Nov 24 at 13:08










  • The reason could be almost the same as why one wants to change the password. Maybe the password has been discovered, thus the master key has been discovered. Of course, one should have access to encrypted master key but maybe its possible. If one has the suspect that the master key has been discovered changing only the password has no effect.
    – gvgramazio
    Nov 24 at 13:13


















  • Thank you very much! Would you have a link with details about that? Is the master key saved (encrypted by password) at the beginning (very first bytes) of the partition?
    – Basj
    Nov 22 at 14:58








  • 1




    I don't have any useful links at hand, but see Twisty's answer regarding that.
    – grawity
    Nov 22 at 18:17






  • 7




    Then the next question is obvious: is it possible to change the master key?
    – gvgramazio
    Nov 23 at 20:01










  • @gvgramazio: Possibly, but that should be a separate thread – and you should mention what specific fde program that you are using and on what OS. (It's possible technically, but there might not be any tools available to actually do it.) Also mention the reason why you think changing it might be necessary...
    – grawity
    Nov 24 at 13:08










  • The reason could be almost the same as why one wants to change the password. Maybe the password has been discovered, thus the master key has been discovered. Of course, one should have access to encrypted master key but maybe its possible. If one has the suspect that the master key has been discovered changing only the password has no effect.
    – gvgramazio
    Nov 24 at 13:13
















Thank you very much! Would you have a link with details about that? Is the master key saved (encrypted by password) at the beginning (very first bytes) of the partition?
– Basj
Nov 22 at 14:58






Thank you very much! Would you have a link with details about that? Is the master key saved (encrypted by password) at the beginning (very first bytes) of the partition?
– Basj
Nov 22 at 14:58






1




1




I don't have any useful links at hand, but see Twisty's answer regarding that.
– grawity
Nov 22 at 18:17




I don't have any useful links at hand, but see Twisty's answer regarding that.
– grawity
Nov 22 at 18:17




7




7




Then the next question is obvious: is it possible to change the master key?
– gvgramazio
Nov 23 at 20:01




Then the next question is obvious: is it possible to change the master key?
– gvgramazio
Nov 23 at 20:01












@gvgramazio: Possibly, but that should be a separate thread – and you should mention what specific fde program that you are using and on what OS. (It's possible technically, but there might not be any tools available to actually do it.) Also mention the reason why you think changing it might be necessary...
– grawity
Nov 24 at 13:08




@gvgramazio: Possibly, but that should be a separate thread – and you should mention what specific fde program that you are using and on what OS. (It's possible technically, but there might not be any tools available to actually do it.) Also mention the reason why you think changing it might be necessary...
– grawity
Nov 24 at 13:08












The reason could be almost the same as why one wants to change the password. Maybe the password has been discovered, thus the master key has been discovered. Of course, one should have access to encrypted master key but maybe its possible. If one has the suspect that the master key has been discovered changing only the password has no effect.
– gvgramazio
Nov 24 at 13:13




The reason could be almost the same as why one wants to change the password. Maybe the password has been discovered, thus the master key has been discovered. Of course, one should have access to encrypted master key but maybe its possible. If one has the suspect that the master key has been discovered changing only the password has no effect.
– gvgramazio
Nov 24 at 13:13













35














Grawity's answer is correct. Because encrypting data is a relatively expensive process, it makes more sense to create a single master key that does not change during the lifetime of the encrypted data. This master key can then in turn be encrypted by one or more secondary keys, which can then be flexibly changed at will.



For example, here's how BitLocker implements this (it actually uses three "layers" of keys):




  1. Data written to a BitLocker-protected volume is encrypted with a full-volume encryption key (FVEK). This key does not change until BitLocker is completely removed from a volume.

  2. The FVEK is encrypted with the volume master key (VMK) then stored (in its encrypted form) in the volume's metadata.

  3. The VMK in turn is encrypted with one or more key protectors, such as a PIN/password.


The following picture shows the process of accessing an encrypted system disk on a machine with BitLocker full volume encryption enabled:



Scheme of disk decryption



More information about this process can be found on TechNet.






share|improve this answer



















  • 9




    Note: this also means that if anyone inclined enough to get copy of decrypted FVEK while they had (perhaps legitimate) access will continue to have unrestricted access to encrypted data if they come into contact with that encrypted disk, no mater how many times you change your PIN/password/VMK. Which is rather unfortunate (IOW, most times you change your passphrase, you should instead be doing full backup/wipe/recreate with new passphrase/restore cycle manually if you want protection from such cases.)
    – Matija Nalis
    Nov 23 at 22:33










  • Quite true, though for this to be the case one would need either physical access or remote access with administrative rights. If an attacker has either of these...well, enough said.
    – Twisty Impersonator
    Nov 23 at 22:52






  • 2




    yes, I was thinking physical access. Full disk encryption in irrelevant from security perspective while machine is running and disk is unlocked, anyway. However, it is supposed to protect your sensitive data if machine is off and lost or stolen (think laptop in taxi or airport), tampered with (think maid paid to give access in hotel room while owner is out), or hardware-failed or about to be decommissioned - now you'll still have to do the degaussing, physical shredding and incinerating of hardware instead of just recycling it (or giving to employees or selling on ebay etc)
    – Matija Nalis
    Nov 23 at 23:14






  • 3




    @TwistyImpersonator The entire purpose of encrypting a disk is to protect your data when somebody has physical access. So the scenario is not moot; it is the whole point.
    – Lightness Races in Orbit
    Nov 24 at 0:14








  • 1




    @LightnessRacesinOrbit I realize that. My comment was made in the context of the suggested vulnerability of the VMK before encryption is complete. In that specific window of time, encryption does not protect against an attacker with physical access or remote admin rights.
    – Twisty Impersonator
    Nov 24 at 0:39


















35














Grawity's answer is correct. Because encrypting data is a relatively expensive process, it makes more sense to create a single master key that does not change during the lifetime of the encrypted data. This master key can then in turn be encrypted by one or more secondary keys, which can then be flexibly changed at will.



For example, here's how BitLocker implements this (it actually uses three "layers" of keys):




  1. Data written to a BitLocker-protected volume is encrypted with a full-volume encryption key (FVEK). This key does not change until BitLocker is completely removed from a volume.

  2. The FVEK is encrypted with the volume master key (VMK) then stored (in its encrypted form) in the volume's metadata.

  3. The VMK in turn is encrypted with one or more key protectors, such as a PIN/password.


The following picture shows the process of accessing an encrypted system disk on a machine with BitLocker full volume encryption enabled:



Scheme of disk decryption



More information about this process can be found on TechNet.






share|improve this answer



















  • 9




    Note: this also means that if anyone inclined enough to get copy of decrypted FVEK while they had (perhaps legitimate) access will continue to have unrestricted access to encrypted data if they come into contact with that encrypted disk, no mater how many times you change your PIN/password/VMK. Which is rather unfortunate (IOW, most times you change your passphrase, you should instead be doing full backup/wipe/recreate with new passphrase/restore cycle manually if you want protection from such cases.)
    – Matija Nalis
    Nov 23 at 22:33










  • Quite true, though for this to be the case one would need either physical access or remote access with administrative rights. If an attacker has either of these...well, enough said.
    – Twisty Impersonator
    Nov 23 at 22:52






  • 2




    yes, I was thinking physical access. Full disk encryption in irrelevant from security perspective while machine is running and disk is unlocked, anyway. However, it is supposed to protect your sensitive data if machine is off and lost or stolen (think laptop in taxi or airport), tampered with (think maid paid to give access in hotel room while owner is out), or hardware-failed or about to be decommissioned - now you'll still have to do the degaussing, physical shredding and incinerating of hardware instead of just recycling it (or giving to employees or selling on ebay etc)
    – Matija Nalis
    Nov 23 at 23:14






  • 3




    @TwistyImpersonator The entire purpose of encrypting a disk is to protect your data when somebody has physical access. So the scenario is not moot; it is the whole point.
    – Lightness Races in Orbit
    Nov 24 at 0:14








  • 1




    @LightnessRacesinOrbit I realize that. My comment was made in the context of the suggested vulnerability of the VMK before encryption is complete. In that specific window of time, encryption does not protect against an attacker with physical access or remote admin rights.
    – Twisty Impersonator
    Nov 24 at 0:39
















35












35








35






Grawity's answer is correct. Because encrypting data is a relatively expensive process, it makes more sense to create a single master key that does not change during the lifetime of the encrypted data. This master key can then in turn be encrypted by one or more secondary keys, which can then be flexibly changed at will.



For example, here's how BitLocker implements this (it actually uses three "layers" of keys):




  1. Data written to a BitLocker-protected volume is encrypted with a full-volume encryption key (FVEK). This key does not change until BitLocker is completely removed from a volume.

  2. The FVEK is encrypted with the volume master key (VMK) then stored (in its encrypted form) in the volume's metadata.

  3. The VMK in turn is encrypted with one or more key protectors, such as a PIN/password.


The following picture shows the process of accessing an encrypted system disk on a machine with BitLocker full volume encryption enabled:



Scheme of disk decryption



More information about this process can be found on TechNet.






share|improve this answer














Grawity's answer is correct. Because encrypting data is a relatively expensive process, it makes more sense to create a single master key that does not change during the lifetime of the encrypted data. This master key can then in turn be encrypted by one or more secondary keys, which can then be flexibly changed at will.



For example, here's how BitLocker implements this (it actually uses three "layers" of keys):




  1. Data written to a BitLocker-protected volume is encrypted with a full-volume encryption key (FVEK). This key does not change until BitLocker is completely removed from a volume.

  2. The FVEK is encrypted with the volume master key (VMK) then stored (in its encrypted form) in the volume's metadata.

  3. The VMK in turn is encrypted with one or more key protectors, such as a PIN/password.


The following picture shows the process of accessing an encrypted system disk on a machine with BitLocker full volume encryption enabled:



Scheme of disk decryption



More information about this process can be found on TechNet.







share|improve this answer














share|improve this answer



share|improve this answer








edited Nov 23 at 1:14

























answered Nov 22 at 17:12









Twisty Impersonator

17.7k136395




17.7k136395








  • 9




    Note: this also means that if anyone inclined enough to get copy of decrypted FVEK while they had (perhaps legitimate) access will continue to have unrestricted access to encrypted data if they come into contact with that encrypted disk, no mater how many times you change your PIN/password/VMK. Which is rather unfortunate (IOW, most times you change your passphrase, you should instead be doing full backup/wipe/recreate with new passphrase/restore cycle manually if you want protection from such cases.)
    – Matija Nalis
    Nov 23 at 22:33










  • Quite true, though for this to be the case one would need either physical access or remote access with administrative rights. If an attacker has either of these...well, enough said.
    – Twisty Impersonator
    Nov 23 at 22:52






  • 2




    yes, I was thinking physical access. Full disk encryption in irrelevant from security perspective while machine is running and disk is unlocked, anyway. However, it is supposed to protect your sensitive data if machine is off and lost or stolen (think laptop in taxi or airport), tampered with (think maid paid to give access in hotel room while owner is out), or hardware-failed or about to be decommissioned - now you'll still have to do the degaussing, physical shredding and incinerating of hardware instead of just recycling it (or giving to employees or selling on ebay etc)
    – Matija Nalis
    Nov 23 at 23:14






  • 3




    @TwistyImpersonator The entire purpose of encrypting a disk is to protect your data when somebody has physical access. So the scenario is not moot; it is the whole point.
    – Lightness Races in Orbit
    Nov 24 at 0:14








  • 1




    @LightnessRacesinOrbit I realize that. My comment was made in the context of the suggested vulnerability of the VMK before encryption is complete. In that specific window of time, encryption does not protect against an attacker with physical access or remote admin rights.
    – Twisty Impersonator
    Nov 24 at 0:39
















  • 9




    Note: this also means that if anyone inclined enough to get copy of decrypted FVEK while they had (perhaps legitimate) access will continue to have unrestricted access to encrypted data if they come into contact with that encrypted disk, no mater how many times you change your PIN/password/VMK. Which is rather unfortunate (IOW, most times you change your passphrase, you should instead be doing full backup/wipe/recreate with new passphrase/restore cycle manually if you want protection from such cases.)
    – Matija Nalis
    Nov 23 at 22:33










  • Quite true, though for this to be the case one would need either physical access or remote access with administrative rights. If an attacker has either of these...well, enough said.
    – Twisty Impersonator
    Nov 23 at 22:52






  • 2




    yes, I was thinking physical access. Full disk encryption in irrelevant from security perspective while machine is running and disk is unlocked, anyway. However, it is supposed to protect your sensitive data if machine is off and lost or stolen (think laptop in taxi or airport), tampered with (think maid paid to give access in hotel room while owner is out), or hardware-failed or about to be decommissioned - now you'll still have to do the degaussing, physical shredding and incinerating of hardware instead of just recycling it (or giving to employees or selling on ebay etc)
    – Matija Nalis
    Nov 23 at 23:14






  • 3




    @TwistyImpersonator The entire purpose of encrypting a disk is to protect your data when somebody has physical access. So the scenario is not moot; it is the whole point.
    – Lightness Races in Orbit
    Nov 24 at 0:14








  • 1




    @LightnessRacesinOrbit I realize that. My comment was made in the context of the suggested vulnerability of the VMK before encryption is complete. In that specific window of time, encryption does not protect against an attacker with physical access or remote admin rights.
    – Twisty Impersonator
    Nov 24 at 0:39










9




9




Note: this also means that if anyone inclined enough to get copy of decrypted FVEK while they had (perhaps legitimate) access will continue to have unrestricted access to encrypted data if they come into contact with that encrypted disk, no mater how many times you change your PIN/password/VMK. Which is rather unfortunate (IOW, most times you change your passphrase, you should instead be doing full backup/wipe/recreate with new passphrase/restore cycle manually if you want protection from such cases.)
– Matija Nalis
Nov 23 at 22:33




Note: this also means that if anyone inclined enough to get copy of decrypted FVEK while they had (perhaps legitimate) access will continue to have unrestricted access to encrypted data if they come into contact with that encrypted disk, no mater how many times you change your PIN/password/VMK. Which is rather unfortunate (IOW, most times you change your passphrase, you should instead be doing full backup/wipe/recreate with new passphrase/restore cycle manually if you want protection from such cases.)
– Matija Nalis
Nov 23 at 22:33












Quite true, though for this to be the case one would need either physical access or remote access with administrative rights. If an attacker has either of these...well, enough said.
– Twisty Impersonator
Nov 23 at 22:52




Quite true, though for this to be the case one would need either physical access or remote access with administrative rights. If an attacker has either of these...well, enough said.
– Twisty Impersonator
Nov 23 at 22:52




2




2




yes, I was thinking physical access. Full disk encryption in irrelevant from security perspective while machine is running and disk is unlocked, anyway. However, it is supposed to protect your sensitive data if machine is off and lost or stolen (think laptop in taxi or airport), tampered with (think maid paid to give access in hotel room while owner is out), or hardware-failed or about to be decommissioned - now you'll still have to do the degaussing, physical shredding and incinerating of hardware instead of just recycling it (or giving to employees or selling on ebay etc)
– Matija Nalis
Nov 23 at 23:14




yes, I was thinking physical access. Full disk encryption in irrelevant from security perspective while machine is running and disk is unlocked, anyway. However, it is supposed to protect your sensitive data if machine is off and lost or stolen (think laptop in taxi or airport), tampered with (think maid paid to give access in hotel room while owner is out), or hardware-failed or about to be decommissioned - now you'll still have to do the degaussing, physical shredding and incinerating of hardware instead of just recycling it (or giving to employees or selling on ebay etc)
– Matija Nalis
Nov 23 at 23:14




3




3




@TwistyImpersonator The entire purpose of encrypting a disk is to protect your data when somebody has physical access. So the scenario is not moot; it is the whole point.
– Lightness Races in Orbit
Nov 24 at 0:14






@TwistyImpersonator The entire purpose of encrypting a disk is to protect your data when somebody has physical access. So the scenario is not moot; it is the whole point.
– Lightness Races in Orbit
Nov 24 at 0:14






1




1




@LightnessRacesinOrbit I realize that. My comment was made in the context of the suggested vulnerability of the VMK before encryption is complete. In that specific window of time, encryption does not protect against an attacker with physical access or remote admin rights.
– Twisty Impersonator
Nov 24 at 0:39






@LightnessRacesinOrbit I realize that. My comment was made in the context of the suggested vulnerability of the VMK before encryption is complete. In that specific window of time, encryption does not protect against an attacker with physical access or remote admin rights.
– Twisty Impersonator
Nov 24 at 0:39




















draft saved

draft discarded




















































Thanks for contributing an answer to Super User!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.





Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


Please pay close attention to the following guidance:


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1377595%2fdoes-changing-the-encryption-password-imply-rewriting-all-the-data%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

Popular posts from this blog

What visual should I use to simply compare current year value vs last year in Power BI desktop

Image
0 I have column SubToBind that shows current year ratio and column PY SubToBind which shows previous year ratio. How can I simply create a card that would be displaying them both in a nice way? Something like that: I cannot achieve that with regular card, I also tried Card with States by OKViz but also unable to see both values. In KPI visual - I dont like the word "Goal", it will confuse end users. Are there any cards or other visuals that would do the job? Thanks powerbi dax powerbi-embedded share | improve this question edited Jun 11 '18 at 20:11 Oleg
Read more

Alexandru Averescu

Image
Alexandre Averescu Alexandru Averescu Naissance 3 avril 1859 Babele, Ismail  (ro) près de Izmaïl (principauté de Moldavie) Décès 2 octobre 1938 (à 79 ans) [ 1 ] Bucarest Origine   Roumanie Arme cavalerie Grade Maréchal Années de service 1901-1917 Commandement chef d'état-major général 2 e  armée 3 e  armée Groupe d'armée sud armée du Danube Conflits Guerre russo-turque de 1877-1878 Deuxième guerre balkanique Première Guerre mondiale Faits d'armes Bataille de Turtucaia/Tutrakan Bataille de Mărăști Distinctions Autres fonctions 3 fois président du Conseil des ministres ministre des Affaires étrangères ministre sans portefeuille conseiller de la Couronne modifier   Alexandre Averescu (en roumain : Alexandru Averescu .mw-parser-output .prononciation>a{background:url("//upload.wikimedia.org/wikipedia/commons/thumb/8/8a/Loudspeaker.svg/11px-Loudspeaker.svg.png")center
Read more

Trompette piccolo

Image
Ne doit pas être confondu avec trompette de poche. Trompette piccolo en si bémol, avec des branches d'embouchure différentes pour le si bémol (la plus courte) ou la (la plus longue) Trompette piccolo La trompette piccolo est la plus petite de la famille des trompettes. Elle joue une octave plus haut que la trompette standard en si bémol. La plupart des trompettes piccolo sont conçues pour jouer dans les deux tonalités de si bémol ou la, en utilisant une branche d'embouchure différente pour chaque tonalité. Le tube de la trompette piccolo en si bémol a une longueur moitié de celle de la trompette normale en si bémol. Des trompettes piccolo en sol, fa, ut sont également fabriquées, mais elles sont rares. La trompette soprano en ré, aussi connu comme la « trompette Bach », a été inventée vers 1890 par le facteur belge Victor-Charles Mahillon pour jouer les parties hautes de la trompette dans la musique de Bach et Haendel. La trompette piccolo moderne permet aux
Read more