Question:
What makes password changes fast on encrypted drives?
?
2014-02-19 11:45:21 UTC
When a person encrypts their hard drive with a password, say using an AES-256 key, all of the data is encrypted with this key. However, when you want to change passwords, doesn't all the data need to be re-encrypted with the new key? I feel like if this was a large drive, resetting the password would take quite a bit of time since re-encryption needs to happen again. What is done that can make the password change so fast?

Is it that the drive is abstracted into a single directory, and this directory is encrypted?
Three answers:
2014-02-19 11:54:24 UTC
Yes... the data will be re-encrypted... or encrypted all over with a new key.

The only way to make the encryption faster is to use a less secure encryption method.

DES will encrypt faster than AES.
Bigger Dripper
2014-10-03 18:10:06 UTC
I will offer a theory, which is that the re-encryption is done in the background. While the re-encryption is in progress, the system maintains the "old" key and the "new" key. While other processes continue to run, the disk is sequentially re-encrypted block-by-block. A pointer keeps track of what is the lowest block that's been encrypted with the new key. When an application reads or writes a block, either the old key or the new key is used, depending on whether the block is above or below the pointer.

In order to avoid data loss in the event the system crashes or loses power while the disk is being re-encrypted, each block needs to be written to a reserved location on the disk. Until the re-encryption completes, a new key cannot be provided.

Re-encryption may be artificially paced in order to minimize impact on system performance, though this will increase the time it takes for the re-encryption process to complete.
?
2014-02-19 11:52:51 UTC
Just a guess, but possibly the entire drive is encrypted with a very long random key, and then that key is encrypted with the short human-readable one.

(that's what happens with SSL encryption on the web - or rather, the very long symmetric key is encrypted with a slower public-key system key in the certificate)
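
The scheme guessed at in the answer above, as an added example that is not part of the original post: a long random master key encrypts the sectors, and a key derived from the password only wraps that master key in a small header. The function names, the PBKDF2 parameters and the HMAC-based keystream standing in for AES are assumptions of this sketch.

```python
import hashlib, hmac, os

def kek_from_password(password, salt):
    # Password -> 64 bytes: 32 to wrap the master key, 32 for the header's integrity tag.
    # PBKDF2 and the iteration count are choices made for this sketch.
    k = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=64)
    return k[:32], k[32:]

def stream_xor(key, nonce, data):
    # Stand-in cipher (HMAC-SHA256 keystream), NOT the AES a real product would use.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def wrap(password, master_key):
    salt = os.urandom(16)  # fresh salt per wrap, so every header differs
    enc, mac = kek_from_password(password, salt)
    ct = stream_xor(enc, salt, master_key)
    return salt + ct + hmac.new(mac, salt + ct, hashlib.sha256).digest()

def unwrap(password, header):
    salt, ct, tag = header[:16], header[16:-32], header[-32:]
    enc, mac = kek_from_password(password, salt)
    if not hmac.compare_digest(tag, hmac.new(mac, salt + ct, hashlib.sha256).digest()):
        raise ValueError("wrong password or damaged header")
    return stream_xor(enc, salt, ct)

def create_volume(password, plaintext_sectors):
    master_key = os.urandom(32)  # long random key; stays the same for the volume's life
    sectors = [stream_xor(master_key, n.to_bytes(16, "big"), s)
               for n, s in enumerate(plaintext_sectors)]
    return {"header": wrap(password, master_key), "sectors": sectors}

def read_sector(volume, password, n):
    master_key = unwrap(password, volume["header"])
    return stream_xor(master_key, n.to_bytes(16, "big"), volume["sectors"][n])

def change_password(volume, old, new):
    # Only the 80-byte header is rewritten; the encrypted sectors are never touched.
    volume["header"] = wrap(new, unwrap(old, volume["header"]))

if __name__ == "__main__":
    vol = create_volume("old pw", [b"constructed sample sector"] * 3)
    change_password(vol, "old pw", "new pw")
    print(read_sector(vol, "new pw", 0))
```

Because the master key stays the same, a saved copy of the old header still unlocks the data with the old password.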


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.