How is it possible for user's password to be changed after storage was encrypted? (on OS X, Android)DEK, KEK...

What does "enim et" mean?

Is domain driven design an anti-SQL pattern?

Why did the Germans forbid the possession of pet pigeons in Rostov-on-Don in 1941?

Unbreakable Formation vs. Cry of the Carnarium

How is it possible for user's password to be changed after storage was encrypted? (on OS X, Android)

Need help identifying/translating a plaque in Tangier, Morocco

Is Social Media Science Fiction?

What does 'script /dev/null' do?

extract characters between two commas?

When blogging recipes, how can I support both readers who want the narrative/journey and ones who want the printer-friendly recipe?

Are white and non-white police officers equally likely to kill black suspects?

Is every set a filtered colimit of finite sets?

Can I legally use front facing blue light in the UK?

How can I fix this gap between bookcases I made?

How did the USSR manage to innovate in an environment characterized by government censorship and high bureaucracy?

Is there a familial term for apples and pears?

Piano - What is the notation for a double stop where both notes in the double stop are different lengths?

Why airport relocation isn't done gradually?

Lied on resume at previous job

Why doesn't a const reference extend the life of a temporary object passed via a function?

Eliminate empty elements from a list with a specific pattern

Is it wise to focus on putting odd beats on left when playing double bass drums?

"My colleague's body is amazing"

How to create a consistent feel for character names in a fantasy setting?



How is it possible for user's password to be changed after storage was encrypted? (on OS X, Android)


DEK, KEK and Master key - simple explanationAre there actually any advantages to Android full-disk encryption?Android / CyanogenMod encryption vs GNU/LinuxEncrypted files storage. How to simplify the password management scheme?How is the FileVault master key protected?Is it possible to retrieve flash-based encrypted disks content (SSD, cellphones, USB sticks, …) after password wipe/replacement?How to correctly handle passwords for an Android appBest practice for securing encrypted content on Android appHow does Android 6 full encryption work … when it doesn't ask for the password at start time?How can Android encryption be so fast?Connection between PIN/password and encryption keys in Android






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}







22















There are built-in functionalities to encrypt a storage on OS X (FileVault) and Android.



On OS X: to enable encryption current user must have a password protected account. After enabling the encryption, recovery key is generated (something like HHWj-Y8DK-ODO4-BQEN-FQ4V-M4O8). After the encryption is finished (and in all probability before that as well) user is able to change his password, without the need to re-encrypt the storage.



On Android: user is required to set lockscreen protection to either pin or password. After storage encryption is done (again, probably before that as well), user is able to change password, and even switch from password to pin and vice versa.



Now here is what puzzles me: my understanding is that when storage is encrypted, it is done with current user password (sort of like encrypting an archive) and if password is changed — the whole storage must be re-encrypted. This (apparently incorrect) understanding brings me to following questions:




  1. Based on what "key" (since it is not the password itself) encryption is done then?


    • For OS X, I am guessing, it's the recovery key, but how is it connected to the user's password then?



  2. If password is not the basis for encryption, why is it required to set one before encrypting your storage?

  3. How is ability to decrypt storage is maintained (without re-encrypting) after password is changed?






encryption passwords android disk-encryption macosx







share|improve this question









New contributor




Filipp W. is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
















  • 2





    I'm pretty sure this is a duplicate, but I can't find the question I'm thinking of...

    – forest
    19 hours ago











  • @forest It could be a duplicate of this, but honestly I think that this question is better than that one. I also think I remember a question about why a user's encrypted drive was "deleted" so quickly, and it's because just the key was deleted, but I can't find it.

    – mbomb007
    7 hours ago




















22















There are built-in functionalities to encrypt a storage on OS X (FileVault) and Android.



On OS X: to enable encryption current user must have a password protected account. After enabling the encryption, recovery key is generated (something like HHWj-Y8DK-ODO4-BQEN-FQ4V-M4O8). After the encryption is finished (and in all probability before that as well) user is able to change his password, without the need to re-encrypt the storage.



On Android: user is required to set lockscreen protection to either pin or password. After storage encryption is done (again, probably before that as well), user is able to change password, and even switch from password to pin and vice versa.



Now here is what puzzles me: my understanding is that when storage is encrypted, it is done with current user password (sort of like encrypting an archive) and if password is changed — the whole storage must be re-encrypted. This (apparently incorrect) understanding brings me to following questions:




  1. Based on what "key" (since it is not the password itself) encryption is done then?


    • For OS X, I am guessing, it's the recovery key, but how is it connected to the user's password then?



  2. If password is not the basis for encryption, why is it required to set one before encrypting your storage?

  3. How is ability to decrypt storage is maintained (without re-encrypting) after password is changed?






encryption passwords android disk-encryption macosx







share|improve this question









New contributor




Filipp W. is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
















  • 2





    I'm pretty sure this is a duplicate, but I can't find the question I'm thinking of...

    – forest
    19 hours ago











  • @forest It could be a duplicate of this, but honestly I think that this question is better than that one. I also think I remember a question about why a user's encrypted drive was "deleted" so quickly, and it's because just the key was deleted, but I can't find it.

    – mbomb007
    7 hours ago
















22












22








22


1






There are built-in functionalities to encrypt a storage on OS X (FileVault) and Android.



On OS X: to enable encryption current user must have a password protected account. After enabling the encryption, recovery key is generated (something like HHWj-Y8DK-ODO4-BQEN-FQ4V-M4O8). After the encryption is finished (and in all probability before that as well) user is able to change his password, without the need to re-encrypt the storage.



On Android: user is required to set lockscreen protection to either pin or password. After storage encryption is done (again, probably before that as well), user is able to change password, and even switch from password to pin and vice versa.



Now here is what puzzles me: my understanding is that when storage is encrypted, it is done with current user password (sort of like encrypting an archive) and if password is changed — the whole storage must be re-encrypted. This (apparently incorrect) understanding brings me to following questions:




  1. Based on what "key" (since it is not the password itself) encryption is done then?


    • For OS X, I am guessing, it's the recovery key, but how is it connected to the user's password then?



  2. If password is not the basis for encryption, why is it required to set one before encrypting your storage?

  3. How is ability to decrypt storage is maintained (without re-encrypting) after password is changed?






encryption passwords android disk-encryption macosx







share|improve this question









New contributor




Filipp W. is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.












There are built-in functionalities to encrypt a storage on OS X (FileVault) and Android.



On OS X: to enable encryption current user must have a password protected account. After enabling the encryption, recovery key is generated (something like HHWj-Y8DK-ODO4-BQEN-FQ4V-M4O8). After the encryption is finished (and in all probability before that as well) user is able to change his password, without the need to re-encrypt the storage.



On Android: user is required to set lockscreen protection to either pin or password. After storage encryption is done (again, probably before that as well), user is able to change password, and even switch from password to pin and vice versa.



Now here is what puzzles me: my understanding is that when storage is encrypted, it is done with current user password (sort of like encrypting an archive) and if password is changed — the whole storage must be re-encrypted. This (apparently incorrect) understanding brings me to following questions:




  1. Based on what "key" (since it is not the password itself) encryption is done then?


    • For OS X, I am guessing, it's the recovery key, but how is it connected to the user's password then?



  2. If password is not the basis for encryption, why is it required to set one before encrypting your storage?

  3. How is ability to decrypt storage is maintained (without re-encrypting) after password is changed?






encryption passwords android disk-encryption macosx




encryption passwords android disk-encryption macosx






share|improve this question









New contributor




Filipp W. is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











share|improve this question









New contributor




Filipp W. is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









share|improve this question




share|improve this question








edited 15 hours ago







Filipp W.













New contributor




Filipp W. is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









asked yesterday









Filipp W.Filipp W.

21828




21828




New contributor




Filipp W. is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





New contributor





Filipp W. is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.






Filipp W. is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.








  • 2





    I'm pretty sure this is a duplicate, but I can't find the question I'm thinking of...

    – forest
    19 hours ago











  • @forest It could be a duplicate of this, but honestly I think that this question is better than that one. I also think I remember a question about why a user's encrypted drive was "deleted" so quickly, and it's because just the key was deleted, but I can't find it.

    – mbomb007
    7 hours ago
















  • 2





    I'm pretty sure this is a duplicate, but I can't find the question I'm thinking of...

    – forest
    19 hours ago











  • @forest It could be a duplicate of this, but honestly I think that this question is better than that one. I also think I remember a question about why a user's encrypted drive was "deleted" so quickly, and it's because just the key was deleted, but I can't find it.

    – mbomb007
    7 hours ago










2




2





I'm pretty sure this is a duplicate, but I can't find the question I'm thinking of...

– forest
19 hours ago





I'm pretty sure this is a duplicate, but I can't find the question I'm thinking of...

– forest
19 hours ago













@forest It could be a duplicate of this, but honestly I think that this question is better than that one. I also think I remember a question about why a user's encrypted drive was "deleted" so quickly, and it's because just the key was deleted, but I can't find it.

– mbomb007
7 hours ago







@forest It could be a duplicate of this, but honestly I think that this question is better than that one. I also think I remember a question about why a user's encrypted drive was "deleted" so quickly, and it's because just the key was deleted, but I can't find it.

– mbomb007
7 hours ago












2 Answers
2






active

oldest

votes


















40














At a high level, disk encryption is implemented using a data encryption key (DEK) and a key encryption key (KEK). The DEK is generated randomly and used to encrypt the drive, the KEK is derived from the user's password using a KDF like PBKDF2 or Argon2 and then used to encrypt the DEK.



When changing the password, the DEK is simply encrypted with a new KEK derived from the new password.



Encrypting without a password is likely prohibited to avoid a false sense of security. It'd be a bit like locking your door but leaving the key in the lock.



Of course, if you're changing your password because you believe someone figured it out, and that person also had access to the encrypted device, it's possible they stored a copy of the DEK. In this case it may be necessary to re-encrypt the entire drive, though doing so will likely take some time.






share|improve this answer



















  • 20





    It should be noted that encryption without encrypting the DEK may be useful. It allows for extremely quick secure deletion of content of the drive. Wipe they DEK, and the information stored is effectively wiped as well.

    – vidarlo
    yesterday






  • 4





    @vidarlo True, but I wouldn't expect the average user to understand this, or to need it.

    – AndrolGenhald
    yesterday











  • That, I do not disagree with :)

    – vidarlo
    yesterday











  • They don't need to understand it, but they experience crypto data wipe when they reset their iOS device, even if they don't have a passcode set. It is also useful to encrypt before a password is set to ensure that when the user enables encryption, there isn't any residual unencrypted data on disk, and the enablement is much faster. This is what Windows Bitlocker does when compatible hardware encryption is available.

    – user71659
    5 hours ago



















11














I completely agree with AndrolGenhald's high-level answer. In case you are interested in a complementary low-level walk-through of Android's storage encryption implementation:



Android can do File-Based Encryption (FBE) and Full-Disc Encryption (FDE), with "disc" referring to the /data partition. I will focus on FDE to illustrate the principle. The set-up is done by the Volume Daemon (Vold), specifically in system/vold/cryptfs.cpp.





  • cryptfs_enable_internal(int crypt_type, const char* passwd, ...) starts the storage encryption, with crypt_type specifying if a pin or password is used (to determine which keyboard to show on the unlock screen) and passwd giving the actual user pin/password. It will set up a footer crypt_ftr to be stored along the encrypted partition, then it calls create_encrypted_random_key to populate the crypt_ftr.





    • create_encrypted_random_key generates a random master key and a random salt and passes them on to encrypt_master_key.


    • encrypt_master_key uses a key-derivation function (e.g. scrypt), that takes the salt and the user pin/password as an input and deterministically derives an intermediate key. The master key is then encrypted with the intermediate key using AES-128-CBC. The encrypted master key and the salt are stored in crypt_ftr, but not the user pin/password.

    • Back in cryptfs_enable_internal, the crypt_ftr is written to the disc. Then the actual storage encryption via Linux' dm-crypt is triggered using the decrypted master key.



  • cryptfs_check_passwd(const char* passwd) starts storage decryption by backtracking the above steps to obtain the decrypted master key. The crypt_ftr has to be read from the disc, containing the encrypted master key and the salt. The user-supplied pin/password plus salt are fed into the key derivation function. This results in an intermediate key that can decrypt the master key (most of this happens in decrypt_master_key_aux).



  • cryptfs_changepw(int crypt_type, const char* newpw) handles changing the user pin/password. It will not generate a new master key, it just encrypts the existing master key via encrypt_master_key using the new user pin/password.


Based on this information, the answers to your questions would be:




  1. The randomly generated master key is used for the actual storage encryption.


  2. We need a user pin/password to encrypt the master key. Thus the user pin/password is needed to later retrieve the master key for decrypting the storage.


  3. Changing the user pin/password will not change the master key, only the encryption of the master key.







share|improve this answer










New contributor




f9c69e9781fa194211448473495534 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





















    Your Answer








    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "162"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: false,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    noCode: true, onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });






    Filipp W. is a new contributor. Be nice, and check out our Code of Conduct.










    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f206979%2fhow-is-it-possible-for-users-password-to-be-changed-after-storage-was-encrypted%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    2 Answers
    2






    active

    oldest

    votes








    2 Answers
    2






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    40














    At a high level, disk encryption is implemented using a data encryption key (DEK) and a key encryption key (KEK). The DEK is generated randomly and used to encrypt the drive, the KEK is derived from the user's password using a KDF like PBKDF2 or Argon2 and then used to encrypt the DEK.



    When changing the password, the DEK is simply encrypted with a new KEK derived from the new password.



    Encrypting without a password is likely prohibited to avoid a false sense of security. It'd be a bit like locking your door but leaving the key in the lock.



    Of course, if you're changing your password because you believe someone figured it out, and that person also had access to the encrypted device, it's possible they stored a copy of the DEK. In this case it may be necessary to re-encrypt the entire drive, though doing so will likely take some time.






    share|improve this answer



















    • 20





      It should be noted that encryption without encrypting the DEK may be useful. It allows for extremely quick secure deletion of content of the drive. Wipe they DEK, and the information stored is effectively wiped as well.

      – vidarlo
      yesterday






    • 4





      @vidarlo True, but I wouldn't expect the average user to understand this, or to need it.

      – AndrolGenhald
      yesterday











    • That, I do not disagree with :)

      – vidarlo
      yesterday











    • They don't need to understand it, but they experience crypto data wipe when they reset their iOS device, even if they don't have a passcode set. It is also useful to encrypt before a password is set to ensure that when the user enables encryption, there isn't any residual unencrypted data on disk, and the enablement is much faster. This is what Windows Bitlocker does when compatible hardware encryption is available.

      – user71659
      5 hours ago
















    40














    At a high level, disk encryption is implemented using a data encryption key (DEK) and a key encryption key (KEK). The DEK is generated randomly and used to encrypt the drive, the KEK is derived from the user's password using a KDF like PBKDF2 or Argon2 and then used to encrypt the DEK.



    When changing the password, the DEK is simply encrypted with a new KEK derived from the new password.



    Encrypting without a password is likely prohibited to avoid a false sense of security. It'd be a bit like locking your door but leaving the key in the lock.



    Of course, if you're changing your password because you believe someone figured it out, and that person also had access to the encrypted device, it's possible they stored a copy of the DEK. In this case it may be necessary to re-encrypt the entire drive, though doing so will likely take some time.






    share|improve this answer



















    • 20





      It should be noted that encryption without encrypting the DEK may be useful. It allows for extremely quick secure deletion of content of the drive. Wipe they DEK, and the information stored is effectively wiped as well.

      – vidarlo
      yesterday






    • 4





      @vidarlo True, but I wouldn't expect the average user to understand this, or to need it.

      – AndrolGenhald
      yesterday











    • That, I do not disagree with :)

      – vidarlo
      yesterday











    • They don't need to understand it, but they experience crypto data wipe when they reset their iOS device, even if they don't have a passcode set. It is also useful to encrypt before a password is set to ensure that when the user enables encryption, there isn't any residual unencrypted data on disk, and the enablement is much faster. This is what Windows Bitlocker does when compatible hardware encryption is available.

      – user71659
      5 hours ago














    40












    40








    40







    At a high level, disk encryption is implemented using a data encryption key (DEK) and a key encryption key (KEK). The DEK is generated randomly and used to encrypt the drive, the KEK is derived from the user's password using a KDF like PBKDF2 or Argon2 and then used to encrypt the DEK.



    When changing the password, the DEK is simply encrypted with a new KEK derived from the new password.



    Encrypting without a password is likely prohibited to avoid a false sense of security. It'd be a bit like locking your door but leaving the key in the lock.



    Of course, if you're changing your password because you believe someone figured it out, and that person also had access to the encrypted device, it's possible they stored a copy of the DEK. In this case it may be necessary to re-encrypt the entire drive, though doing so will likely take some time.






    share|improve this answer













    At a high level, disk encryption is implemented using a data encryption key (DEK) and a key encryption key (KEK). The DEK is generated randomly and used to encrypt the drive, the KEK is derived from the user's password using a KDF like PBKDF2 or Argon2 and then used to encrypt the DEK.



    When changing the password, the DEK is simply encrypted with a new KEK derived from the new password.



    Encrypting without a password is likely prohibited to avoid a false sense of security. It'd be a bit like locking your door but leaving the key in the lock.



    Of course, if you're changing your password because you believe someone figured it out, and that person also had access to the encrypted device, it's possible they stored a copy of the DEK. In this case it may be necessary to re-encrypt the entire drive, though doing so will likely take some time.







    share|improve this answer












    share|improve this answer



    share|improve this answer










    answered yesterday









    AndrolGenhaldAndrolGenhald

    12.2k53138




    12.2k53138








    • 20





      It should be noted that encryption without encrypting the DEK may be useful. It allows for extremely quick secure deletion of content of the drive. Wipe they DEK, and the information stored is effectively wiped as well.

      – vidarlo
      yesterday






    • 4





      @vidarlo True, but I wouldn't expect the average user to understand this, or to need it.

      – AndrolGenhald
      yesterday











    • That, I do not disagree with :)

      – vidarlo
      yesterday











    • They don't need to understand it, but they experience crypto data wipe when they reset their iOS device, even if they don't have a passcode set. It is also useful to encrypt before a password is set to ensure that when the user enables encryption, there isn't any residual unencrypted data on disk, and the enablement is much faster. This is what Windows Bitlocker does when compatible hardware encryption is available.

      – user71659
      5 hours ago














    • 20





      It should be noted that encryption without encrypting the DEK may be useful. It allows for extremely quick secure deletion of content of the drive. Wipe they DEK, and the information stored is effectively wiped as well.

      – vidarlo
      yesterday






    • 4





      @vidarlo True, but I wouldn't expect the average user to understand this, or to need it.

      – AndrolGenhald
      yesterday











    • That, I do not disagree with :)

      – vidarlo
      yesterday











    • They don't need to understand it, but they experience crypto data wipe when they reset their iOS device, even if they don't have a passcode set. It is also useful to encrypt before a password is set to ensure that when the user enables encryption, there isn't any residual unencrypted data on disk, and the enablement is much faster. This is what Windows Bitlocker does when compatible hardware encryption is available.

      – user71659
      5 hours ago








    20




    20





    It should be noted that encryption without encrypting the DEK may be useful. It allows for extremely quick secure deletion of content of the drive. Wipe they DEK, and the information stored is effectively wiped as well.

    – vidarlo
    yesterday





    It should be noted that encryption without encrypting the DEK may be useful. It allows for extremely quick secure deletion of content of the drive. Wipe they DEK, and the information stored is effectively wiped as well.

    – vidarlo
    yesterday




    4




    4





    @vidarlo True, but I wouldn't expect the average user to understand this, or to need it.

    – AndrolGenhald
    yesterday





    @vidarlo True, but I wouldn't expect the average user to understand this, or to need it.

    – AndrolGenhald
    yesterday













    That, I do not disagree with :)

    – vidarlo
    yesterday





    That, I do not disagree with :)

    – vidarlo
    yesterday













    They don't need to understand it, but they experience crypto data wipe when they reset their iOS device, even if they don't have a passcode set. It is also useful to encrypt before a password is set to ensure that when the user enables encryption, there isn't any residual unencrypted data on disk, and the enablement is much faster. This is what Windows Bitlocker does when compatible hardware encryption is available.

    – user71659
    5 hours ago





    They don't need to understand it, but they experience crypto data wipe when they reset their iOS device, even if they don't have a passcode set. It is also useful to encrypt before a password is set to ensure that when the user enables encryption, there isn't any residual unencrypted data on disk, and the enablement is much faster. This is what Windows Bitlocker does when compatible hardware encryption is available.

    – user71659
    5 hours ago













    11














    I completely agree with AndrolGenhald's high-level answer. In case you are interested in a complementary low-level walk-through of Android's storage encryption implementation:



    Android can do File-Based Encryption (FBE) and Full-Disc Encryption (FDE), with "disc" referring to the /data partition. I will focus on FDE to illustrate the principle. The set-up is done by the Volume Daemon (Vold), specifically in system/vold/cryptfs.cpp.





    • cryptfs_enable_internal(int crypt_type, const char* passwd, ...) starts the storage encryption, with crypt_type specifying if a pin or password is used (to determine which keyboard to show on the unlock screen) and passwd giving the actual user pin/password. It will set up a footer crypt_ftr to be stored along the encrypted partition, then it calls create_encrypted_random_key to populate the crypt_ftr.





      • create_encrypted_random_key generates a random master key and a random salt and passes them on to encrypt_master_key.


      • encrypt_master_key uses a key-derivation function (e.g. scrypt), that takes the salt and the user pin/password as an input and deterministically derives an intermediate key. The master key is then encrypted with the intermediate key using AES-128-CBC. The encrypted master key and the salt are stored in crypt_ftr, but not the user pin/password.

      • Back in cryptfs_enable_internal, the crypt_ftr is written to the disc. Then the actual storage encryption via Linux' dm-crypt is triggered using the decrypted master key.



    • cryptfs_check_passwd(const char* passwd) starts storage decryption by backtracking the above steps to obtain the decrypted master key. The crypt_ftr has to be read from the disc, containing the encrypted master key and the salt. The user-supplied pin/password plus salt are fed into the key derivation function. This results in an intermediate key that can decrypt the master key (most of this happens in decrypt_master_key_aux).



    • cryptfs_changepw(int crypt_type, const char* newpw) handles changing the user pin/password. It will not generate a new master key, it just encrypts the existing master key via encrypt_master_key using the new user pin/password.


    Based on this information, the answers to your questions would be:




    1. The randomly generated master key is used for the actual storage encryption.


    2. We need a user pin/password to encrypt the master key. Thus the user pin/password is needed to later retrieve the master key for decrypting the storage.


    3. Changing the user pin/password will not change the master key, only the encryption of the master key.







    share|improve this answer










    New contributor




    f9c69e9781fa194211448473495534 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.

























      11














      I completely agree with AndrolGenhald's high-level answer. In case you are interested in a complementary low-level walk-through of Android's storage encryption implementation:



      Android can do File-Based Encryption (FBE) and Full-Disc Encryption (FDE), with "disc" referring to the /data partition. I will focus on FDE to illustrate the principle. The set-up is done by the Volume Daemon (Vold), specifically in system/vold/cryptfs.cpp.





      • cryptfs_enable_internal(int crypt_type, const char* passwd, ...) starts the storage encryption, with crypt_type specifying if a pin or password is used (to determine which keyboard to show on the unlock screen) and passwd giving the actual user pin/password. It will set up a footer crypt_ftr to be stored along the encrypted partition, then it calls create_encrypted_random_key to populate the crypt_ftr.





        • create_encrypted_random_key generates a random master key and a random salt and passes them on to encrypt_master_key.


        • encrypt_master_key uses a key-derivation function (e.g. scrypt), that takes the salt and the user pin/password as an input and deterministically derives an intermediate key. The master key is then encrypted with the intermediate key using AES-128-CBC. The encrypted master key and the salt are stored in crypt_ftr, but not the user pin/password.

        • Back in cryptfs_enable_internal, the crypt_ftr is written to the disc. Then the actual storage encryption via Linux' dm-crypt is triggered using the decrypted master key.



      • cryptfs_check_passwd(const char* passwd) starts storage decryption by backtracking the above steps to obtain the decrypted master key. The crypt_ftr has to be read from the disc, containing the encrypted master key and the salt. The user-supplied pin/password plus salt are fed into the key derivation function. This results in an intermediate key that can decrypt the master key (most of this happens in decrypt_master_key_aux).



      • cryptfs_changepw(int crypt_type, const char* newpw) handles changing the user pin/password. It will not generate a new master key, it just encrypts the existing master key via encrypt_master_key using the new user pin/password.


      Based on this information, the answers to your questions would be:




      1. The randomly generated master key is used for the actual storage encryption.


      2. We need a user pin/password to encrypt the master key. Thus the user pin/password is needed to later retrieve the master key for decrypting the storage.


      3. Changing the user pin/password will not change the master key, only the encryption of the master key.







      share|improve this answer










      New contributor




      f9c69e9781fa194211448473495534 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.























        11












        11








        11







        I completely agree with AndrolGenhald's high-level answer. In case you are interested in a complementary low-level walk-through of Android's storage encryption implementation:



        Android can do File-Based Encryption (FBE) and Full-Disc Encryption (FDE), with "disc" referring to the /data partition. I will focus on FDE to illustrate the principle. The set-up is done by the Volume Daemon (Vold), specifically in system/vold/cryptfs.cpp.





        • cryptfs_enable_internal(int crypt_type, const char* passwd, ...) starts the storage encryption, with crypt_type specifying if a pin or password is used (to determine which keyboard to show on the unlock screen) and passwd giving the actual user pin/password. It will set up a footer crypt_ftr to be stored along the encrypted partition, then it calls create_encrypted_random_key to populate the crypt_ftr.





          • create_encrypted_random_key generates a random master key and a random salt and passes them on to encrypt_master_key.


          • encrypt_master_key uses a key-derivation function (e.g. scrypt), that takes the salt and the user pin/password as an input and deterministically derives an intermediate key. The master key is then encrypted with the intermediate key using AES-128-CBC. The encrypted master key and the salt are stored in crypt_ftr, but not the user pin/password.

          • Back in cryptfs_enable_internal, the crypt_ftr is written to the disc. Then the actual storage encryption via Linux' dm-crypt is triggered using the decrypted master key.



        • cryptfs_check_passwd(const char* passwd) starts storage decryption by backtracking the above steps to obtain the decrypted master key. The crypt_ftr has to be read from the disc, containing the encrypted master key and the salt. The user-supplied pin/password plus salt are fed into the key derivation function. This results in an intermediate key that can decrypt the master key (most of this happens in decrypt_master_key_aux).



        • cryptfs_changepw(int crypt_type, const char* newpw) handles changing the user pin/password. It will not generate a new master key, it just encrypts the existing master key via encrypt_master_key using the new user pin/password.


        Based on this information, the answers to your questions would be:




        1. The randomly generated master key is used for the actual storage encryption.


        2. We need a user pin/password to encrypt the master key. Thus the user pin/password is needed to later retrieve the master key for decrypting the storage.


        3. Changing the user pin/password will not change the master key, only the encryption of the master key.







        share|improve this answer










        New contributor




        f9c69e9781fa194211448473495534 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.










        I completely agree with AndrolGenhald's high-level answer. In case you are interested in a complementary low-level walk-through of Android's storage encryption implementation:



        Android can do File-Based Encryption (FBE) and Full-Disc Encryption (FDE), with "disc" referring to the /data partition. I will focus on FDE to illustrate the principle. The set-up is done by the Volume Daemon (Vold), specifically in system/vold/cryptfs.cpp.





        • cryptfs_enable_internal(int crypt_type, const char* passwd, ...) starts the storage encryption, with crypt_type specifying if a pin or password is used (to determine which keyboard to show on the unlock screen) and passwd giving the actual user pin/password. It will set up a footer crypt_ftr to be stored along the encrypted partition, then it calls create_encrypted_random_key to populate the crypt_ftr.





          • create_encrypted_random_key generates a random master key and a random salt and passes them on to encrypt_master_key.


          • encrypt_master_key uses a key-derivation function (e.g. scrypt), that takes the salt and the user pin/password as an input and deterministically derives an intermediate key. The master key is then encrypted with the intermediate key using AES-128-CBC. The encrypted master key and the salt are stored in crypt_ftr, but not the user pin/password.

          • Back in cryptfs_enable_internal, the crypt_ftr is written to the disc. Then the actual storage encryption via Linux' dm-crypt is triggered using the decrypted master key.



        • cryptfs_check_passwd(const char* passwd) starts storage decryption by backtracking the above steps to obtain the decrypted master key. The crypt_ftr has to be read from the disc, containing the encrypted master key and the salt. The user-supplied pin/password plus salt are fed into the key derivation function. This results in an intermediate key that can decrypt the master key (most of this happens in decrypt_master_key_aux).



        • cryptfs_changepw(int crypt_type, const char* newpw) handles changing the user pin/password. It will not generate a new master key, it just encrypts the existing master key via encrypt_master_key using the new user pin/password.


        Based on this information, the answers to your questions would be:




        1. The randomly generated master key is used for the actual storage encryption.


        2. We need a user pin/password to encrypt the master key. Thus the user pin/password is needed to later retrieve the master key for decrypting the storage.


        3. Changing the user pin/password will not change the master key, only the encryption of the master key.








        share|improve this answer










        New contributor




        f9c69e9781fa194211448473495534 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.









        share|improve this answer



        share|improve this answer








        edited yesterday





















        New contributor




        f9c69e9781fa194211448473495534 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.









        answered yesterday









        f9c69e9781fa194211448473495534f9c69e9781fa194211448473495534

        1194




        1194




        New contributor




        f9c69e9781fa194211448473495534 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.





        New contributor





        f9c69e9781fa194211448473495534 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.






        f9c69e9781fa194211448473495534 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.






















            Filipp W. is a new contributor. Be nice, and check out our Code of Conduct.










            draft saved

            draft discarded


















            Filipp W. is a new contributor. Be nice, and check out our Code of Conduct.













            Filipp W. is a new contributor. Be nice, and check out our Code of Conduct.












            Filipp W. is a new contributor. Be nice, and check out our Code of Conduct.
















            Thanks for contributing an answer to Information Security Stack Exchange!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f206979%2fhow-is-it-possible-for-users-password-to-be-changed-after-storage-was-encrypted%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            Popular posts from this blog

            Installing LyX: “No textclass is found.”LyX installation error- text class not found- 'Reconfigure' or...

            Image
            How is it possible for user to changed after storage was encrypted? (on OS X, Android) How can bays and straits be determined in a procedurally generated map? Why Is Death Allowed In the Matrix? A function which translates a sentence to title-case How is it possible to have an ability score that is less than 3? TGV timetables / schedules? What is the command to reset a PC without deleting any files Why don't electron-positron collisions release infinite energy? How do we improve the relationship with a client software team that performs poorly and is becoming less collaborative? Continuity at a point in terms of closure ...
            Read more

            (1602) Indiana Índice Designación y nombre Características orbitales Véase...

            Asteroides del cinturón principalObjetos astronómicos descubiertos por el Indiana Asteroid ProgramObjetos astronómicos descubiertos desde el Observatorio Goethe LinkObjetos astronómicos descubiertos en 1950 asteroidecinturón de asteroidesIndiana Asteroid Programobservatorio Goethe LinkIndianaua (1602) Indiana Descubrimiento Descubridor Indiana Asteroid Program Fecha 14 de marzo de 1950 Lugar Brooklyn Designaciones 1943 DJ, 1950 GF, 1975 XR Nombre provisional 1950 GF Categoría Cinturón de asteroides Elementos orbitales Longitud del nodo ascendente 75,15° Inclinación 4,162° Argumento del periastro 73,23° Semieje mayor 2,245 ua Excentricidad 0,1041 Anomalía media 124,4° Elementos orbitales derivados Época 2457000,5 (09/12/2014) TDB [ 1 ] ​ Periastro o perihelio 2,011 ua Apoastro o afelio 2,478 ua Período orbital sideral 1228 días Características físicas Periodo de rotación 2,601 horas ...
            Read more

            Universidad Autónoma de Occidente Índice Historia Campus Facultades Programas Académicos Medios de...

            Image
            Universidades de CaliUniversidades privadas de ColombiaInstituciones de Educación Superior de Colombia acreditadas Ministerio de Educación de Colombia19996 de septiembreConsejo Nacional de AcreditaciónMinisterio de EducaciónColciencias198319861979199612 de julio1999Sociedad Interamericana de Prensa1993Universidad Carlos III de MadridUniversidad del Cauca197119781999Escuela de MonitoresOGEGrupo GescomGrupo GescomGrupo Gaia Universidad Autónoma de Occidente Acrónimo UAO Alias La Autónoma Lema Vive el conocimiento, construye tu vida [ 1 ] ​ Tipo Privada Fundación 20 de febrero de 1970 (49 años) Localización Dirección Cl 25 # 115-85 Km. 2 vía Cali - Jamundí   Cali,   Valle del Cauca, Colombia   Colombia Campus Valle del Lilí 122,253 kilómetros cuadrados (12 225,3 ha) Coordenadas 3°21′14″N 76°31′22″O  /  3.35389, -76.5228 Coordenadas: 3°21′14″N 76°31′22″O  /  3.35389, -76.5228 Otras sedes San Fernando (Cali) Candelaria El Cerrit...
            Read more