Question
My team at work was recently working on encrypting some hard drives using Microsoft's BitLocker on Windows 7 hosts. The initial encryption for the 2TB drives took several hours to complete. This is all fine and dandy.
What is concerning me, however, is that upon changing the password, the process was instantaneous. This doesn't make sense to me, since I assumed that BitLocker was using my provided password (or some hashed derivative) to actually perform the encryption. If that were the case, then the drive should require complete decryption followed by re-encryption (a several-hour process, right?).
So how does BitLocker actually encrypt the data? Does it use some secret value hidden in the depths of the Windows code to perform the encryption? And if so, is my password merely a check to see if Windows will permit decrypting? If so, what protection am I really getting from BitLocker, since a stored encryption key is a breakable encryption key...
Explanation / Answer
BitLocker uses something called surrogate keys. The data on the disk is encrypted with a random key (surrogate key), and that key is then encrypted with a second key derived from your password (header key). The encrypted surrogate key is then stored in the volume header.
When you type your password in, the system derives the header key from it, then uses that to decrypt the surrogate key, which is in turn used to decrypt the data. Changing your password just re-encrypts that volume header with a new header key, rather than the entire disk.
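A stand-alone illustration of the design described in this answer, added here as an example and not BitLocker's own code: a random surrogate key encrypts the volume body, a PBKDF2-derived header key wraps only that surrogate key, and changing the password rewrites just the header while the encrypted body is untouched. An HMAC-SHA256 counter-mode construction stands in for the AES cipher BitLocker actually uses, and every function name below is the example's own.

```python
import hashlib
import hmac
import os


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Counter-mode keystream from HMAC-SHA256; a stdlib stand-in for AES (assumption, not BitLocker's cipher).
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || HMAC tag."""
    nonce = os.urandom(16)
    ct = _keystream_xor(key, nonce, plaintext)
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; a wrong key fails here instead of yielding garbage."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered data")
    return _keystream_xor(key, nonce, ct)


def derive_header_key(password: str, salt: bytes) -> bytes:
    """Password -> header key via PBKDF2: the slow, salted step that resists guessing."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def encrypt_volume(password: str, data: bytes):
    """Slow path: the whole volume body is encrypted under a fresh random surrogate key."""
    surrogate = os.urandom(32)
    salt = os.urandom(16)
    header = {"salt": salt, "wrapped_key": seal(derive_header_key(password, salt), surrogate)}
    return header, seal(surrogate, data)


def unlock(password: str, header: dict) -> bytes:
    """Recover the surrogate key from the header; raises ValueError on a wrong password."""
    return unseal(derive_header_key(password, header["salt"]), header["wrapped_key"])


def change_password(old: str, new: str, header: dict) -> dict:
    """Fast path: only the header is rewritten; the encrypted volume body is left as-is."""
    surrogate = unlock(old, header)
    salt = os.urandom(16)
    return {"salt": salt, "wrapped_key": seal(derive_header_key(new, salt), surrogate)}


def read_volume(password: str, header: dict, body: bytes) -> bytes:
    return unseal(unlock(password, header), body)
```

The body returned by `encrypt_volume` is never touched again; only the small header changes, which is why a password change is instantaneous while the initial encryption is proportional to disk size.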