Does changing the encryption password imply rewriting all the data?
up vote
27
down vote
favorite
Let's say I have 1 TB of data on a partition encrypted with BitLocker, TrueCrypt or VeraCrypt.
Does changing the encryption password imply rewriting all the data (i.e., will it take hours/days)?
windows encryption bitlocker disk-encryption
edited 5 hours ago
Run5k
10.5k72749
asked yesterday
Basj
630528
add a comment |
up vote
27
down vote
favorite
Let's say I have 1 TB of data on a partition encrypted with BitLocker, TrueCrypt or VeraCrypt.
Does changing the encryption password imply rewriting all the data (i.e., will it take hours/days)?
windows encryption bitlocker disk-encryption
edited 5 hours ago
Run5k
10.5k72749
asked yesterday
Basj
630528
For the record: Windows Bitlocker has no procedure to explicitly "rewrite" data. You must decrypt and re-encrypt the disk
– usr-local-ΕΨΗΕΛΩΝ
12 hours ago
1
Related to virtually wiping an entire encrypted disk by just erasing it's key, like some encrypting hard drives can do a nearly instantaneous "wipe" of terabytes
– Xen2050
10 hours ago
2
Related to this (although neither answer mentions it): user-chosen passwords will be both too short, and have terrible entropy (too easily guessable). So the drive is encrypted with a good key... and then the encryption key is protected with a terrible one (ah well).
– Clockwork-Muse
4 hours ago
@Clockwork-Muse Still better than encrypt them with the original short key.
– gvgramazio
4 hours ago
add a comment |
up vote
27
down vote
favorite
up vote
27
down vote
favorite
Let's say I have 1 TB of data on a partition encrypted with BitLocker, TrueCrypt or VeraCrypt.
Does changing the encryption password imply rewriting all the data (i.e., will it take hours/days)?
windows encryption bitlocker disk-encryption
edited 5 hours ago
Run5k
10.5k72749
asked yesterday
Basj
630528
Let's say I have 1 TB of data on a partition encrypted with BitLocker, TrueCrypt or VeraCrypt.
Does changing the encryption password imply rewriting all the data (i.e., will it take hours/days)?
windows encryption bitlocker disk-encryption
windows encryption bitlocker disk-encryption
edited 5 hours ago
Run5k
10.5k72749
asked yesterday
Basj
630528
edited 5 hours ago
Run5k
10.5k72749
asked yesterday
Basj
630528
edited 5 hours ago
Run5k
10.5k72749
edited 5 hours ago
Run5k
10.5k72749
edited 5 hours ago
Run5k
10.5k72749
10.5k72749
asked yesterday
Basj
630528
asked yesterday
Basj
630528
asked yesterday
Basj
630528
630528
For the record: Windows Bitlocker has no procedure to explicitly "rewrite" data. You must decrypt and re-encrypt the disk
– usr-local-ΕΨΗΕΛΩΝ
12 hours ago
1
Related to virtually wiping an entire encrypted disk by just erasing it's key, like some encrypting hard drives can do a nearly instantaneous "wipe" of terabytes
– Xen2050
10 hours ago
2
Related to this (although neither answer mentions it): user-chosen passwords will be both too short, and have terrible entropy (too easily guessable). So the drive is encrypted with a good key... and then the encryption key is protected with a terrible one (ah well).
– Clockwork-Muse
4 hours ago
@Clockwork-Muse Still better than encrypt them with the original short key.
– gvgramazio
4 hours ago
add a comment |
For the record: Windows Bitlocker has no procedure to explicitly "rewrite" data. You must decrypt and re-encrypt the disk
– usr-local-ΕΨΗΕΛΩΝ
12 hours ago
1
Related to virtually wiping an entire encrypted disk by just erasing it's key, like some encrypting hard drives can do a nearly instantaneous "wipe" of terabytes
– Xen2050
10 hours ago
2
Related to this (although neither answer mentions it): user-chosen passwords will be both too short, and have terrible entropy (too easily guessable). So the drive is encrypted with a good key... and then the encryption key is protected with a terrible one (ah well).
– Clockwork-Muse
4 hours ago
@Clockwork-Muse Still better than encrypt them with the original short key.
– gvgramazio
4 hours ago
For the record: Windows Bitlocker has no procedure to explicitly "rewrite" data. You must decrypt and re-encrypt the disk
– usr-local-ΕΨΗΕΛΩΝ
12 hours ago
For the record: Windows Bitlocker has no procedure to explicitly "rewrite" data. You must decrypt and re-encrypt the disk
– usr-local-ΕΨΗΕΛΩΝ
12 hours ago
1
1
Related to virtually wiping an entire encrypted disk by just erasing it's key, like some encrypting hard drives can do a nearly instantaneous "wipe" of terabytes
– Xen2050
10 hours ago
Related to virtually wiping an entire encrypted disk by just erasing it's key, like some encrypting hard drives can do a nearly instantaneous "wipe" of terabytes
– Xen2050
10 hours ago
2
2
Related to this (although neither answer mentions it): user-chosen passwords will be both too short, and have terrible entropy (too easily guessable). So the drive is encrypted with a good key... and then the encryption key is protected with a terrible one (ah well).
– Clockwork-Muse
4 hours ago
Related to this (although neither answer mentions it): user-chosen passwords will be both too short, and have terrible entropy (too easily guessable). So the drive is encrypted with a good key... and then the encryption key is protected with a terrible one (ah well).
– Clockwork-Muse
4 hours ago
@Clockwork-Muse Still better than encrypt them with the original short key.
– gvgramazio
4 hours ago
@Clockwork-Muse Still better than encrypt them with the original short key.
– gvgramazio
4 hours ago
add a comment |
2 Answers
2
active
oldest
votes
up vote
41
down vote
accepted
No. Your password is used to encrypt only the master key. When you change the password, the master key is reencrypted but itself does not change.
(This is how some systems, such as BitLocker or LUKS, are able to have multiple passwords for the same disk: they still use a single master key for all data, but just store multiple copies of the master key encrypted with different passwords.)
answered yesterday
grawity
228k35479540
Thank you very much! Would you have a link with details about that? Is the master key saved (encrypted by password) at the beginning (very first bytes) of the partition?
– Basj
yesterday
1
I don't have any useful links at hand, but see Twisty's answer regarding that.
– grawity
yesterday
Then the next question is obvious: is it possible to change the master key?
– gvgramazio
4 hours ago
add a comment |
up vote
22
down vote
Grawity's answer is correct. Because encrypting data is a relatively expensive process, it makes more sense to create a single master key that does not change during the lifetime of the encrypted data. This master key can then in turn be encrypted by one or more secondary keys, which can then be flexibly changed at will.
For example, here's how BitLocker implements this (it actually uses three "layers" of keys):
- Data written to a BitLocker-protected volume is encrypted with a full-volume encryption key (FVEK). This key does not change until BitLocker is completely removed from a volume.
- The FVEK is encrypted with the volume master key (VMK) then stored (in its encrypted form) in the volume's metadata.
- The VMK in turn is encrypted with one or more key protectors, such as a PIN/password.
The following picture shows the process of accessing an encrypted system disk on a machine with BitLocker full volume encryption enabled:
More information about this process can be found on TechNet.
answered yesterday
Twisty Impersonator
17k126092
1
Note: this also means that if anyone inclined enough to get copy of decrypted FVEK while they had (perhaps legitimate) access will continue to have unrestricted access to encrypted data if they come into contact with that encrypted disk, no mater how many times you change your PIN/password/VMK. Which is rather unfortunate (IOW, most times you change your passphrase, you should instead be doing full backup/wipe/recreate with new passphrase/restore cycle manually if you want protection from such cases.)
– Matija Nalis
1 hour ago
Quite true, though for this to be the case one would need either physical access or remote access with administrative rights. If an attacker has either of these...well, enough said.
– Twisty Impersonator
1 hour ago
yes, I was thinking physical access. Full disk encryption in irrelevant from security perspective while machine is running and disk is unlocked, anyway. However, it is supposed to protect your sensitive data if machine is off and lost or stolen (think laptop in taxi or airport), tampered with (think maid paid to give access in hotel room while owner is out), or hardware-failed or about to be decommissioned - now you'll still have to do the degaussing, physical shredding and incinerating of hardware instead of just recycling it (or giving to employees or selling on ebay etc)
– Matija Nalis
47 mins ago
add a comment |
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
41
down vote
accepted
No. Your password is used to encrypt only the master key. When you change the password, the master key is reencrypted but itself does not change.
(This is how some systems, such as BitLocker or LUKS, are able to have multiple passwords for the same disk: they still use a single master key for all data, but just store multiple copies of the master key encrypted with different passwords.)
answered yesterday
grawity
228k35479540
Thank you very much! Would you have a link with details about that? Is the master key saved (encrypted by password) at the beginning (very first bytes) of the partition?
– Basj
yesterday
1
I don't have any useful links at hand, but see Twisty's answer regarding that.
– grawity
yesterday
Then the next question is obvious: is it possible to change the master key?
– gvgramazio
4 hours ago
add a comment |
up vote
41
down vote
accepted
No. Your password is used to encrypt only the master key. When you change the password, the master key is reencrypted but itself does not change.
(This is how some systems, such as BitLocker or LUKS, are able to have multiple passwords for the same disk: they still use a single master key for all data, but just store multiple copies of the master key encrypted with different passwords.)
answered yesterday
grawity
228k35479540
Thank you very much! Would you have a link with details about that? Is the master key saved (encrypted by password) at the beginning (very first bytes) of the partition?
– Basj
yesterday
1
I don't have any useful links at hand, but see Twisty's answer regarding that.
– grawity
yesterday
Then the next question is obvious: is it possible to change the master key?
– gvgramazio
4 hours ago
add a comment |
up vote
41
down vote
accepted
up vote
41
down vote
accepted
No. Your password is used to encrypt only the master key. When you change the password, the master key is reencrypted but itself does not change.
(This is how some systems, such as BitLocker or LUKS, are able to have multiple passwords for the same disk: they still use a single master key for all data, but just store multiple copies of the master key encrypted with different passwords.)
answered yesterday
grawity
228k35479540
No. Your password is used to encrypt only the master key. When you change the password, the master key is reencrypted but itself does not change.
(This is how some systems, such as BitLocker or LUKS, are able to have multiple passwords for the same disk: they still use a single master key for all data, but just store multiple copies of the master key encrypted with different passwords.)
answered yesterday
grawity
228k35479540
edited 16 hours ago
answered yesterday
grawity
228k35479540
answered yesterday
grawity
228k35479540
answered yesterday
grawity
228k35479540
228k35479540
Thank you very much! Would you have a link with details about that? Is the master key saved (encrypted by password) at the beginning (very first bytes) of the partition?
– Basj
yesterday
1
I don't have any useful links at hand, but see Twisty's answer regarding that.
– grawity
yesterday
Then the next question is obvious: is it possible to change the master key?
– gvgramazio
4 hours ago
add a comment |
Thank you very much! Would you have a link with details about that? Is the master key saved (encrypted by password) at the beginning (very first bytes) of the partition?
– Basj
yesterday
1
I don't have any useful links at hand, but see Twisty's answer regarding that.
– grawity
yesterday
Then the next question is obvious: is it possible to change the master key?
– gvgramazio
4 hours ago
Thank you very much! Would you have a link with details about that? Is the master key saved (encrypted by password) at the beginning (very first bytes) of the partition?
– Basj
yesterday
Thank you very much! Would you have a link with details about that? Is the master key saved (encrypted by password) at the beginning (very first bytes) of the partition?
– Basj
yesterday
1
1
I don't have any useful links at hand, but see Twisty's answer regarding that.
– grawity
yesterday
I don't have any useful links at hand, but see Twisty's answer regarding that.
– grawity
yesterday
Then the next question is obvious: is it possible to change the master key?
– gvgramazio
4 hours ago
Then the next question is obvious: is it possible to change the master key?
– gvgramazio
4 hours ago
add a comment |
up vote
22
down vote
Grawity's answer is correct. Because encrypting data is a relatively expensive process, it makes more sense to create a single master key that does not change during the lifetime of the encrypted data. This master key can then in turn be encrypted by one or more secondary keys, which can then be flexibly changed at will.
For example, here's how BitLocker implements this (it actually uses three "layers" of keys):
- Data written to a BitLocker-protected volume is encrypted with a full-volume encryption key (FVEK). This key does not change until BitLocker is completely removed from a volume.
- The FVEK is encrypted with the volume master key (VMK) then stored (in its encrypted form) in the volume's metadata.
- The VMK in turn is encrypted with one or more key protectors, such as a PIN/password.
The following picture shows the process of accessing an encrypted system disk on a machine with BitLocker full volume encryption enabled:
More information about this process can be found on TechNet.
answered yesterday
Twisty Impersonator
17k126092
1
Note: this also means that if anyone inclined enough to get copy of decrypted FVEK while they had (perhaps legitimate) access will continue to have unrestricted access to encrypted data if they come into contact with that encrypted disk, no mater how many times you change your PIN/password/VMK. Which is rather unfortunate (IOW, most times you change your passphrase, you should instead be doing full backup/wipe/recreate with new passphrase/restore cycle manually if you want protection from such cases.)
– Matija Nalis
1 hour ago
Quite true, though for this to be the case one would need either physical access or remote access with administrative rights. If an attacker has either of these...well, enough said.
– Twisty Impersonator
1 hour ago
yes, I was thinking physical access. Full disk encryption in irrelevant from security perspective while machine is running and disk is unlocked, anyway. However, it is supposed to protect your sensitive data if machine is off and lost or stolen (think laptop in taxi or airport), tampered with (think maid paid to give access in hotel room while owner is out), or hardware-failed or about to be decommissioned - now you'll still have to do the degaussing, physical shredding and incinerating of hardware instead of just recycling it (or giving to employees or selling on ebay etc)
– Matija Nalis
47 mins ago
add a comment |
up vote
22
down vote
Grawity's answer is correct. Because encrypting data is a relatively expensive process, it makes more sense to create a single master key that does not change during the lifetime of the encrypted data. This master key can then in turn be encrypted by one or more secondary keys, which can then be flexibly changed at will.
For example, here's how BitLocker implements this (it actually uses three "layers" of keys):
- Data written to a BitLocker-protected volume is encrypted with a full-volume encryption key (FVEK). This key does not change until BitLocker is completely removed from a volume.
- The FVEK is encrypted with the volume master key (VMK) then stored (in its encrypted form) in the volume's metadata.
- The VMK in turn is encrypted with one or more key protectors, such as a PIN/password.
The following picture shows the process of accessing an encrypted system disk on a machine with BitLocker full volume encryption enabled:
More information about this process can be found on TechNet.
answered yesterday
Twisty Impersonator
17k126092
1
Note: this also means that if anyone inclined enough to get copy of decrypted FVEK while they had (perhaps legitimate) access will continue to have unrestricted access to encrypted data if they come into contact with that encrypted disk, no mater how many times you change your PIN/password/VMK. Which is rather unfortunate (IOW, most times you change your passphrase, you should instead be doing full backup/wipe/recreate with new passphrase/restore cycle manually if you want protection from such cases.)
– Matija Nalis
1 hour ago
Quite true, though for this to be the case one would need either physical access or remote access with administrative rights. If an attacker has either of these...well, enough said.
– Twisty Impersonator
1 hour ago
yes, I was thinking physical access. Full disk encryption in irrelevant from security perspective while machine is running and disk is unlocked, anyway. However, it is supposed to protect your sensitive data if machine is off and lost or stolen (think laptop in taxi or airport), tampered with (think maid paid to give access in hotel room while owner is out), or hardware-failed or about to be decommissioned - now you'll still have to do the degaussing, physical shredding and incinerating of hardware instead of just recycling it (or giving to employees or selling on ebay etc)
– Matija Nalis
47 mins ago
add a comment |
up vote
22
down vote
up vote
22
down vote
Grawity's answer is correct. Because encrypting data is a relatively expensive process, it makes more sense to create a single master key that does not change during the lifetime of the encrypted data. This master key can then in turn be encrypted by one or more secondary keys, which can then be flexibly changed at will.
For example, here's how BitLocker implements this (it actually uses three "layers" of keys):
- Data written to a BitLocker-protected volume is encrypted with a full-volume encryption key (FVEK). This key does not change until BitLocker is completely removed from a volume.
- The FVEK is encrypted with the volume master key (VMK) then stored (in its encrypted form) in the volume's metadata.
- The VMK in turn is encrypted with one or more key protectors, such as a PIN/password.
The following picture shows the process of accessing an encrypted system disk on a machine with BitLocker full volume encryption enabled:
More information about this process can be found on TechNet.
answered yesterday
Twisty Impersonator
17k126092
Grawity's answer is correct. Because encrypting data is a relatively expensive process, it makes more sense to create a single master key that does not change during the lifetime of the encrypted data. This master key can then in turn be encrypted by one or more secondary keys, which can then be flexibly changed at will.
For example, here's how BitLocker implements this (it actually uses three "layers" of keys):
- Data written to a BitLocker-protected volume is encrypted with a full-volume encryption key (FVEK). This key does not change until BitLocker is completely removed from a volume.
- The FVEK is encrypted with the volume master key (VMK) then stored (in its encrypted form) in the volume's metadata.
- The VMK in turn is encrypted with one or more key protectors, such as a PIN/password.
The following picture shows the process of accessing an encrypted system disk on a machine with BitLocker full volume encryption enabled:
More information about this process can be found on TechNet.
answered yesterday
Twisty Impersonator
17k126092
edited 22 hours ago
answered yesterday
Twisty Impersonator
17k126092
answered yesterday
Twisty Impersonator
17k126092
answered yesterday
Twisty Impersonator
17k126092
17k126092
1
Note: this also means that if anyone inclined enough to get copy of decrypted FVEK while they had (perhaps legitimate) access will continue to have unrestricted access to encrypted data if they come into contact with that encrypted disk, no mater how many times you change your PIN/password/VMK. Which is rather unfortunate (IOW, most times you change your passphrase, you should instead be doing full backup/wipe/recreate with new passphrase/restore cycle manually if you want protection from such cases.)
– Matija Nalis
1 hour ago
Quite true, though for this to be the case one would need either physical access or remote access with administrative rights. If an attacker has either of these...well, enough said.
– Twisty Impersonator
1 hour ago
yes, I was thinking physical access. Full disk encryption in irrelevant from security perspective while machine is running and disk is unlocked, anyway. However, it is supposed to protect your sensitive data if machine is off and lost or stolen (think laptop in taxi or airport), tampered with (think maid paid to give access in hotel room while owner is out), or hardware-failed or about to be decommissioned - now you'll still have to do the degaussing, physical shredding and incinerating of hardware instead of just recycling it (or giving to employees or selling on ebay etc)
– Matija Nalis
47 mins ago
add a comment |
1
Note: this also means that if anyone inclined enough to get copy of decrypted FVEK while they had (perhaps legitimate) access will continue to have unrestricted access to encrypted data if they come into contact with that encrypted disk, no mater how many times you change your PIN/password/VMK. Which is rather unfortunate (IOW, most times you change your passphrase, you should instead be doing full backup/wipe/recreate with new passphrase/restore cycle manually if you want protection from such cases.)
– Matija Nalis
1 hour ago
Quite true, though for this to be the case one would need either physical access or remote access with administrative rights. If an attacker has either of these...well, enough said.
– Twisty Impersonator
1 hour ago
yes, I was thinking physical access. Full disk encryption in irrelevant from security perspective while machine is running and disk is unlocked, anyway. However, it is supposed to protect your sensitive data if machine is off and lost or stolen (think laptop in taxi or airport), tampered with (think maid paid to give access in hotel room while owner is out), or hardware-failed or about to be decommissioned - now you'll still have to do the degaussing, physical shredding and incinerating of hardware instead of just recycling it (or giving to employees or selling on ebay etc)
– Matija Nalis
47 mins ago
1
1
Note: this also means that if anyone inclined enough to get copy of decrypted FVEK while they had (perhaps legitimate) access will continue to have unrestricted access to encrypted data if they come into contact with that encrypted disk, no mater how many times you change your PIN/password/VMK. Which is rather unfortunate (IOW, most times you change your passphrase, you should instead be doing full backup/wipe/recreate with new passphrase/restore cycle manually if you want protection from such cases.)
– Matija Nalis
1 hour ago
Note: this also means that if anyone inclined enough to get copy of decrypted FVEK while they had (perhaps legitimate) access will continue to have unrestricted access to encrypted data if they come into contact with that encrypted disk, no mater how many times you change your PIN/password/VMK. Which is rather unfortunate (IOW, most times you change your passphrase, you should instead be doing full backup/wipe/recreate with new passphrase/restore cycle manually if you want protection from such cases.)
– Matija Nalis
1 hour ago
Quite true, though for this to be the case one would need either physical access or remote access with administrative rights. If an attacker has either of these...well, enough said.
– Twisty Impersonator
1 hour ago
Quite true, though for this to be the case one would need either physical access or remote access with administrative rights. If an attacker has either of these...well, enough said.
– Twisty Impersonator
1 hour ago
yes, I was thinking physical access. Full disk encryption in irrelevant from security perspective while machine is running and disk is unlocked, anyway. However, it is supposed to protect your sensitive data if machine is off and lost or stolen (think laptop in taxi or airport), tampered with (think maid paid to give access in hotel room while owner is out), or hardware-failed or about to be decommissioned - now you'll still have to do the degaussing, physical shredding and incinerating of hardware instead of just recycling it (or giving to employees or selling on ebay etc)
– Matija Nalis
47 mins ago
yes, I was thinking physical access. Full disk encryption in irrelevant from security perspective while machine is running and disk is unlocked, anyway. However, it is supposed to protect your sensitive data if machine is off and lost or stolen (think laptop in taxi or airport), tampered with (think maid paid to give access in hotel room while owner is out), or hardware-failed or about to be decommissioned - now you'll still have to do the degaussing, physical shredding and incinerating of hardware instead of just recycling it (or giving to employees or selling on ebay etc)
– Matija Nalis
47 mins ago
add a comment |
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1377595%2fdoes-changing-the-encryption-password-imply-rewriting-all-the-data%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
For the record: Windows Bitlocker has no procedure to explicitly "rewrite" data. You must decrypt and re-encrypt the disk
– usr-local-ΕΨΗΕΛΩΝ
12 hours ago
1
Related to virtually wiping an entire encrypted disk by just erasing it's key, like some encrypting hard drives can do a nearly instantaneous "wipe" of terabytes
– Xen2050
10 hours ago
2
Related to this (although neither answer mentions it): user-chosen passwords will be both too short, and have terrible entropy (too easily guessable). So the drive is encrypted with a good key... and then the encryption key is protected with a terrible one (ah well).
– Clockwork-Muse
4 hours ago
@Clockwork-Muse Still better than encrypt them with the original short key.
– gvgramazio
4 hours ago