Password safety while accessing encrypted disks
-
- Posts: 2
- Joined: 14. Dec 2022, 16:06
Password safety while accessing encrypted disks
Hello! Many years ago, I had created a Windows 10 VM to use for software development, and had also encrypted it. At that time, it was running off an HDD, and was predictably very slow. Hence, I backed it up and removed it from my machine, and switched to an OS running off my bare metal machine. Recently I acquired a new powerful machine with a large SSD, and decided to revive my old Windows 10 VM. However, I had completely forgotten the disk encryption password for that VM, and I tried hundreds of different passwords while trying to access it. Finally, I found the password backed up on one of my phones, and I was able to access the VM and update it. However, one doubt entered my mind about the safety of passwords I had entered while trying to access the VM. I had entered many critical passwords while trying to unlock this encrypted disk, and was wondering how the extension pack handles the passwords, whether they are correct or not. I would like to know if the passwords get logged anywhere, or transmitted and saved somewhere. Since the encryption functionality is provided by the extension pack, and is not a part of the base product, I am unable to download the source code and study the behaviour. Hence, I am posting my query here, so that somebody with knowledge of the internal workings of the extension pack can clarify my doubt. Thank you for all your help.
-
- Site Moderator
- Posts: 39134
- Joined: 4. Sep 2008, 17:09
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Mostly XP
Re: Password safety while accessing encrypted disks
The disk is encrypted using a Data Encryption Key (DEK) provided by the OS. The DEK is stored in the .vbox file in a coded form. The sole purpose of the password is to decode the stored DEK. The DEK is stored as mentioned; there is absolutely no reason for it to store the password anywhere. That would obviously be dumb. And even if someone had your password, they would need access to that VM folder (both the VDI and the vbox file).
You can't access the source code, but the logs are in plain text if you want to know what's in them. So, apart from the key logging email I get every time you type a password, you can be quite sure that it doesn't go anywhere...
-
- Posts: 2
- Joined: 14. Dec 2022, 16:06
Re: Password safety while accessing encrypted disks
Thank you for the reply. Please don't empty my bank accounts. You may take a little, but please don't take it all. I have worked with encryption a fair bit. Please let me know the purpose of the property "CRYPT/KeyID". I guess "CRYPT/KeyStore" is the encrypted DEK, to decrypt which the password is needed. Correct me if I am wrong.
-
- Volunteer
- Posts: 5677
- Joined: 14. Feb 2019, 03:06
- Primary OS: Mac OS X other
- VBox Version: PUEL
- Guest OSses: Linux, Windows 10, ...
- Location: Germany
Re: Password safety while accessing encrypted disks
FWIW, you can read the official documentation in Encryption of Disk Images.
AFAIR, the key ID has no special significance, but you can verify this for yourself: Part of the implementation is in the publicly available VirtualBox source code, only some core parts are in the VirtualBox Extension Pack.
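The check suggested in this thread can be scripted. The following is an added example, not VirtualBox code and not code from any poster: it lists which CRYPT/* properties a .vbox file stores for each disk and tests whether a password you typed appears in plain text in the .vbox file or the logs. The XML layout (HardDisk elements with Property children), the sample file and the log line are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample. The layout (HardDisk elements carrying Property
# children) is an assumption about the .vbox format; all values are fake.
SAMPLE_VBOX = """<?xml version="1.0"?>
<VirtualBox xmlns="http://www.virtualbox.org/" version="1.16">
  <Machine name="win10-dev">
    <MediaRegistry><HardDisks>
      <HardDisk uuid="{00000000-0000-0000-0000-000000000001}" location="win10.vdi" format="VDI">
        <Property name="CRYPT/KeyId" value="win10-dev"/>
        <Property name="CRYPT/KeyStore" value="Q09OU1RSVUNURUQtQkxPQg=="/>
      </HardDisk>
    </HardDisks></MediaRegistry>
  </Machine>
</VirtualBox>"""

# Constructed log line, standing in for the plain-text VM logs.
SAMPLE_LOG = "00:00:02.100 constructed log line: disk 'win10.vdi' needs a password\n"


def local(tag):
    """Strip the XML namespace from an element tag."""
    return tag.rsplit("}", 1)[-1]


def crypt_properties(vbox_xml):
    """Return {disk location: {property name: value length}} for CRYPT/* properties."""
    found = {}
    for el in ET.fromstring(vbox_xml).iter():
        if local(el.tag) != "HardDisk":
            continue
        props = {c.get("name"): len(c.get("value", ""))
                 for c in el
                 if local(c.tag) == "Property"
                 and (c.get("name") or "").upper().startswith("CRYPT/")}
        if props:
            found[el.get("location")] = props
    return found


def files_containing(texts, candidate):
    """Names of the given texts (name -> content) that hold candidate in plain text."""
    return sorted(name for name, text in texts.items() if candidate in text)


if __name__ == "__main__":
    print(crypt_properties(SAMPLE_VBOX))
    print(files_containing({"vm.vbox": SAMPLE_VBOX, "VBox.log": SAMPLE_LOG}, "constructed-pass"))
```

For a real VM, read the file contents from the VM folder and take the candidate password with `getpass.getpass()` so it does not end up in shell history.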