
How Is it Possible to Change a Password Without Re-encrypting an Encrypted Disk?

How is it possible that you can change your Windows password without re-encrypting a hard disk that was encrypted using that password?

I’ll assume you mean BitLocker whole-disk encryption, but the concept applies to many different encryption tools. You can often change the password (or passphrase) without needing to re-encrypt whatever it is you’ve encrypted.

The secret is simply this: your password wasn’t used to encrypt the disk.

Something else was.


Encryption keys

I can’t say specifically how any given operating system or encryption tool implements the concept, but the concept itself is common. In cryptographic terms it’s called key wrapping: the key that protects your data is itself protected by a second key, and only that second key depends on your password.

It generally works like this:

When you first encrypt a disk, an encryption key is generated for you. It’s a key you never see. It’s generally referred to as a “128-bit” or “256-bit” encryption key. It’s not even something you would recognize as text — it’s a purely random1 binary number.

Your data is encrypted with this key, not with your password. In fact, your password hasn’t even been involved yet.

That randomly-generated encryption key is itself then encrypted using a second key derived from your password (a “key encryption key”). The encrypted copy of the disk key is then stored somewhere the system can find it at unlock time. Where that is depends on the tool: BitLocker keeps its protected keys in metadata on the encrypted volume itself, while Windows’ per-user secrets (such as the keys behind EFS file encryption) live in your user profile.

Your password unlocks the key, which unlocks the data.

Decrypting your data

When you successfully log in, you provide your password2.

This password (or, more precisely, the key derived from it) can then be used to decrypt the stored copy of the disk encryption key and make it available.

That encryption key can then, in turn, be used to decrypt the data on your hard drive.

Changing your password

When you change your login password, all the system has to do is

  1. decrypt the encrypted encryption key using your old password
  2. re-encrypt it using the new password

The actual key used to decrypt your hard disk never changed.

If you needed to change the encryption key used to actually encrypt your data, you would need to decrypt it completely and then re-encrypt. For example, you might turn BitLocker off and then back on again. Turning it back on would cause a new completely random encryption key to be generated, which in turn would be secured in your Windows profile, using your password.

Saving the key

I lied about not being able to see the key, at least when it comes to BitLocker.

When setting up a BitLocker encrypted drive, you’ll be encouraged to save a recovery key.

Back up your recovery key!

This isn’t quite the key that encrypts your data. The 48-digit BitLocker recovery key is a second, independent way to unlock the same disk encryption key: the disk key is stored on the volume a second time, encrypted under the recovery key instead of under your password, PIN, or TPM. That’s why it works even when you’ve forgotten your password, and why it is every bit as sensitive as the disk key itself — anyone holding it can unlock the drive.
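The whole scheme described above — a random disk key, a password-derived wrapping key, re-wrapping on password change, and a recovery key as a second independent protector — in one runnable model. This is an added example written for this page, not BitLocker’s or Windows’ own code. It assumes nothing beyond the Python standard library: PBKDF2 stands in for whatever password-to-key derivation a real product uses, and an HMAC-SHA256 stream-plus-tag stands in for AES key wrapping, so the function names (`derive_kek`, `seal`, `unseal`, `create_volume`, `change_password`) are this example’s, not any product’s.

```python
import hashlib
import hmac
import os
import secrets

KEY_LEN = 32          # 256-bit disk key ("you never see it")
SALT_LEN = 16
NONCE_LEN = 16
TAG_LEN = 32
PBKDF2_ROUNDS = 100_000


def derive_kek(secret: str, salt: bytes) -> bytes:
    """Turn a password (or recovery key) into a key-encryption key.
    The password never touches the data; it only produces this KEK."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, PBKDF2_ROUNDS, dklen=KEY_LEN)


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode: a stand-in for a real block cipher (assumption).
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC. Used both to wrap the disk key and to encrypt data."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        # Wrong password -> wrong KEK -> tag mismatch. We never learn a garbage key.
        raise ValueError("wrong secret or corrupted protector")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def new_recovery_key() -> str:
    """48 random digits in BitLocker's display format (format only; not its algorithm)."""
    digits = "".join(str(secrets.randbelow(10)) for _ in range(48))
    return "-".join(digits[i:i + 6] for i in range(0, 48, 6))


def add_protector(protectors: dict, name: str, secret: str, dek: bytes) -> None:
    """Store one more encrypted copy of the disk key, unlockable by `secret`."""
    salt = os.urandom(SALT_LEN)
    protectors[name] = (salt, seal(derive_kek(secret, salt), dek))


def create_volume(password: str, recovery_key: str):
    """First-time encryption: random disk key, wrapped under two independent protectors."""
    dek = os.urandom(KEY_LEN)
    protectors = {}
    add_protector(protectors, "password", password, dek)
    add_protector(protectors, "recovery", recovery_key, dek)
    return dek, protectors


def unlock(protectors: dict, name: str, secret: str) -> bytes:
    """Login / recovery: derive the KEK, unwrap the disk key."""
    salt, blob = protectors[name]
    return unseal(derive_kek(secret, salt), blob)


def change_password(protectors: dict, old: str, new: str) -> bytes:
    """Step 1: decrypt the wrapped disk key with the old password.
       Step 2: re-encrypt it with the new one.  The disk key itself never changes,
       so nothing on the disk is touched and the recovery protector stays valid."""
    dek = unlock(protectors, "password", old)
    add_protector(protectors, "password", new, dek)
    return dek


if __name__ == "__main__":
    rk = new_recovery_key()
    dek, prot = create_volume("hunter2", rk)
    encrypted_file = seal(dek, b"constructed sample file contents")
    change_password(prot, "hunter2", "correct horse battery staple")
    dek_again = unlock(prot, "password", "correct horse battery staple")
    print("disk key unchanged:", dek_again == dek)
    print("old data still readable:", unseal(dek_again, encrypted_file))
    print("recovery key still works:", unlock(prot, "recovery", rk) == dek)
```

Note that `change_password` only rewrites one small protector blob; the data sealed before the change is still readable afterwards because it was never encrypted under the password in the first place. Rotating the disk key itself would mean decrypting and re-sealing every file — the “turn BitLocker off and on again” case above.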


Footnotes

1: This is one of the reasons cryptographically secure computer-generated random numbers are so important. If the generated key could be predicted, it loses its security no matter how strong your password is.

2: Or something else to prove you are you. Even if you don’t specify your password specifically, you’ve specified enough for Windows to be able to proceed with our example.

3 comments on “How Is it Possible to Change a Password Without Re-encrypting an Encrypted Disk?”

  1. I didn’t see any specific instructions on how to change a BitLocker password. Is that do-able without decrypting the drive? Does it make a difference whether the drive is UEFI controlled or not? Thanks!

• If you’re using whole-disk encryption, then the article applies — you just change your login password.
      For others I believe you must first decrypt then re-encrypt with the new password.
