2

I recently added a pin to my bitlocker encryption and this seemed to be pretty much instant. In what way is this pin an actual part of the key that is needed to decrypt the hard drive? Or is it used to decrypt the actual key itself (in combination with information from the TPM) before decrypting the actual hard drive?

Sebastiaan van den Broek
  • 257
  • 2
  • 12

1 Answers1

4

Bitlocker uses an encrypted key stored on the disk, wrapped with one or more encryption keys. This could be a key stored in the TPM, protected with the PIN, or the full Bitlocker encryption passphrase (startup password). Which keys are available depends on the configuration you have setup.

I'm not aware of any FDE scheme that derives the actual encryption key from any user input (passphrase, PIN, etc.). Doing so would make it impossible to change the passphrase without re-encrypting the data, which is time consuming, not great for SSDs (wear leveling) and not to mention the mess created if your computer crashes mid re-encryption!

For example, Truecrypt has a header area including the master key that is encrypted with another key derived from the passphrase. PBKDF2 is used on the user passphrase to derive an AES key. This AES key is used to decrypt the header and receive the master key, which encrypts all of the data. If the passphrase is changed, only the header needs to be re-encrypted.

David
  • 15,814
  • 3
  • 48
  • 73
  • Oh that’s interesting, I thought with Truecrypt it used to be the case that the key was derived from the passphrase, indeed making it something that couldn’t be changed. But even there the actual key is not dependent on the passphrase then? And what exactly do you mean with ‘wrapped’? How is this encryption key protected? – Sebastiaan van den Broek Jan 17 '18 at 06:30
  • I've added some details on the Truecrypt format to my post. – David Jan 17 '18 at 06:34