Does a change of the lock screen password also change the device encryption key?

Open_Source_Enjoyer

If you use a relative weak PIN during setup and later switch to a stronger password/passphrase, is the encryption key derived from the weak PIN also altered, or does it stay consistent and so maybe make it possible to be somehow derived from the old weak PIN?

raccoondad

Open_Source_Enjoyer "key derived from the weak PIN"

Its not derived from the PIN, its derived from the token + pin if I am not mistaken. At the very least, the token from the security element is an aspect of the key transformation function.

It stays consistent, assumedly, since rencryption doesn't occur (same as how LUKS master key isn't changed when you change the keyslot password, rencryption is a seperate function). The key can't be derived from the PIN alone.

1fexd

Open_Source_Enjoyer Encryption keys are never derived from the lockscreen credential; Instead, the system generates a synthetic password (SP) for each user which is protected by the LSKF (lockscreen credential knowledge factor) (source.android.com)

Open_Source_Enjoyer

raccoondad Its not derived from the PIN, its derived from the token + pin if I am not mistaken.

If its derived from the PIN then changing the PIN would also force a change of the key because otherwise you can't derive the key anymore.

1fexd Encryption keys are never derived from the lockscreen credential; Instead, the system generates a synthetic password (SP) for each user which is protected by the LSKF (lockscreen credential knowledge factor) (source.android.com)

And is this protection of the synthetic password done in a way that the old LSKF can't lead to the synthetic password after the lockscreen method is changed?

raccoondad

Open_Source_Enjoyer If its derived from the PIN then changing the PIN would also force a change of the key because otherwise you can't derive the key anymore.

True, all I know is the token from the Titan M chip is responsible for key derivation

raccoondad

Open_Source_Enjoyer after the lockscreen method is changed?

That's handled by the Titan M chip, which protects against that. Yes

ryrona

A little bit simplified, it works like this:

weaver_token = GetFromSecurityChip(profile_id, H(your PIN or passphrase + "some static string")
hashed_passphrase = H(your PIN or passphrase + "some other static string")
decrypt_key = H(hashed_passphrase + weaver_token)

disk_encryption_key = Decrypt(data=encrypted key stored on disk, key=decrypt_key)

In other words, the disk encryption key itself is stored on disk, but it is encrypted by a key derived from your current PIN or passphrase.

When you change your PIN or passphrase, the disk encryption key is decrypted with the old PIN or passphrase (old hashed_passphrase above), and then re-encrypted with the new one. I assume a new weaver token is generated and stored on the security chip. The actual disk encryption key itself doesn't change, and doesn't need to change.

The old version of the encrypted disk encryption key is supposedly erased from disk in a secure way. I am uncertain how this is implemented, since you in general cannot securely erase things from flash based storage. The old weaver token is also securely erased from the security chip, in a way that makes it impossible to recover. This should be actually secure, and is thus also what provides the actual security, as without the weaver token, one cannot decrypt the disk encryption key even if one knows your PIN or passphrase, or in this case, your old PIN or passphrase. This of course assumes they generated a new fresh weaver token, which is a detail I am not certain about, but would reasonably assume.

raccoondad

ryrona king post, thank you for that clarification I fumbled it