Password safety while accessing encrypted disks

This is for discussing general topics about how to use VirtualBox.
RobertFord
Posts: 2
Joined: 14. Dec 2022, 16:06

Password safety while accessing encrypted disks

Post by RobertFord »

Hello! Many years ago, I had created a Windows 10 VM to use for software development, and had also encrypted it. At that time, it was running off an HDD, and was predictably very slow. Hence, I backed it up and removed it from my machine, and switched to an OS running off my bare metal machine. Recently I acquired a new powerful machine with a large SSD, and decided to revive my old Windows 10 VM. However, I had completely forgotten the disk encryption password for that VM, and I tried hundreds of different passwords while trying to access it. Finally, I found the password backed up on one of my phones, and I was able to access the VM and update it. However, one doubt entered my mind about the safety of passwords I had entered while trying to access the VM. I had entered many critical passwords while trying to unlock this encrypted disk, and was wondering how the extension pack handles the passwords, whether they are correct or not. I would like to know if the passwords get logged anywhere, or transmitted and saved somewhere. Since the encryption functionality is provided by the extension pack, and is not a part of the base product, I am unable to download the source code and study the behaviour. Hence, I am posting my query here, so that somebody with knowledge of the internal workings of the extension pack can clarify my doubt. Thank you for all your help.
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Password safety while accessing encrypted disks

Post by mpack »

The disk is encrypted using a Data Encryption Key (DEK) provided by the OS. The DEK is stored in the .vbox file in a coded form. The sole purpose of the password is to decode the stored DEK. The DEK is stored as mentioned; there is absolutely no reason for it to store the password anywhere, that would obviously be dumb. And even if someone had your password, they would need access to that VM folder (both the VDI and the vbox file).

You can't access the source code, but the logs are in plain text if you want to know what's in them. So, apart from the key logging email I get every time you type a password, you can be quite sure that it doesn't go anywhere... :twisted:
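Following the point above that the logs are plain text, a check added here as an example (not part of any post, and not VirtualBox code): it scans a log directory for the passwords that were typed, in a few common encodings, and reports only file, line and encoding, never the secret. The directory layout, the `*.log*` glob and the sample log lines are assumptions constructed for the demo.

```python
import base64
import tempfile
from pathlib import Path


def secret_variants(secret):
    """Byte patterns a logged copy of the secret could take (deduplicated)."""
    raw = secret.encode("utf-8")
    candidates = [
        ("utf-8", raw),
        ("utf-16le", secret.encode("utf-16-le")),
        ("hex", raw.hex().encode()),
        ("hex-upper", raw.hex().upper().encode()),
        ("base64", base64.b64encode(raw)),  # secret encoded on its own
    ]
    unique = {}
    for name, pattern in candidates:
        unique.setdefault(pattern, name)
    return [(name, pattern) for pattern, name in unique.items()]


def scan_logs(log_dir, secrets, glob="*.log*"):
    """Return (file, line, secret_index, encoding) for every match found."""
    hits = []
    for path in sorted(Path(log_dir).rglob(glob)):
        if not path.is_file():
            continue
        data = path.read_bytes()
        for idx, secret in enumerate(secrets):
            if not secret:
                continue  # an empty pattern would match everywhere
            for enc, pattern in secret_variants(secret):
                pos = data.find(pattern)
                while pos != -1:
                    line_no = data.count(b"\n", 0, pos) + 1
                    hits.append((path.name, line_no, idx, enc))
                    pos = data.find(pattern, pos + 1)
    return hits


def demo():
    """Constructed log files: one clean, one leaking a base64-encoded secret."""
    with tempfile.TemporaryDirectory() as tmp:
        logs = Path(tmp) / "Logs"
        logs.mkdir()
        (logs / "VBox.log").write_bytes(b"00:00:01 constructed line\n00:00:02 prompt shown\n")
        leaked = b"00:00:01 constructed line\n00:00:02 pw=" + base64.b64encode(b"Tr0ub4dor&3") + b"\n"
        (logs / "VBox.log.1").write_bytes(leaked)
        return scan_logs(tmp, ["correct horse", "Tr0ub4dor&3"])
```

An empty result only shows that the scanned files do not contain the secrets in these encodings; it says nothing about memory, swap or other files.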
RobertFord
Posts: 2
Joined: 14. Dec 2022, 16:06

Re: Password safety while accessing encrypted disks

Post by RobertFord »

Thank you for the reply. Please don't empty my bank accounts. You may take a little, but please don't take it all. :wink: I have worked with encryption a fair bit. Please let me know the purpose of the property "CRYPT/KeyID". I guess "CRYPT/KeyStore" is the encrypted DEK, to decrypt which the password is needed. Correct me if I am wrong.
fth0
Volunteer
Posts: 5668
Joined: 14. Feb 2019, 03:06
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Linux, Windows 10, ...
Location: Germany

Re: Password safety while accessing encrypted disks

Post by fth0 »

FWIW, you can read the official documentation in Encryption of Disk Images.

AFAIR, the key ID has no special significance, but you can verify this for yourself: Part of the implementation is in the publicly available VirtualBox source code, only some core parts are in the VirtualBox Extension Pack.