How does Bitlocker only-PIN method work?

Question

Microsoft explained USB-key and TPM based BitLocker decryption process on this article.
USB-Key process:

The steps in the illustrated sequence are as follows:

1- The operating system starts and prompts the user to insert a USB device that contains the USB key. 2- The VMK is decrypted with the key on the USB device.
3- The encrypted FVEK is read from the volume and the decrypted VMK is used to decrypt it.
4- Disk sectors are decrypted with the FVEK as they are accessed.
5- Plaintext data is provided to applications and processes.

TPM initializing process:

The steps in the illustrated sequence are as follows:

1- The BIOS starts and initializes the TPM. Trusted/measured components interact with the TPM to store component measurements in the TPM's Platform Configuration Registers (PCRs).
2- If the PCR values match the expected values, the TPM uses the storage root key (SRK) to decrypt the volume master key (VMK).
3- The encrypted FVEK is read from the volume and the decrypted VMK is used to decrypt it.
4- Disk sectors are decrypted with the FVEK as they are accessed.
5- Plaintext data is provided to applications and processes.

In windows 8 and 8.1, BitLocker got a new feature which allows user to use only a PIN to decrypt data. But how does Only-PIN based decryption works? where TPM and USB-key features both are disabled and we use only a password-like PIN to decrypt volume data. Does it decode VMK then FVEK like other methods or it decrypt data directly?

Answer 1

It will function the same way as the USB key.

The key that is used to encrypt the data will always be a separate key to the one that the user provides. The user will provide a key which will be used to construct the key-protector key. This is used to decrypt the Volume Master Key (VMK). The VMK is used to decrypt the Full Volume Encryption Key (FVEK), which actually encrypts the data on the disk.

This is done so that if you change your password, you don't have to re-encrypt your entire hard drive contents.

It's explained pretty nicely in this TechNet article:

BitLocker Keys

Any time you deal with encryption, you need to know about keys, and BitLocker is no exception. BitLocker uses an elegant, but somewhat complex, architecture of keys.

The sectors themselves are encrypted using a key called the full-volume encryption key (FVEK). The FVEK, though, is not used by or accessible to users. The FVEK is in turn encrypted with a key called the volume master key (VMK). This level of abstraction gives some unique benefits, but can make the process a bit more difficult to understand. The FVEK is kept as a closely guarded secret because, if it were to be compromised, all of the sectors would need to be re-encrypted. Since that would be a time-consuming operation, it’s one you want to avoid. Instead, the system works with the VMK.

The FVEK (encrypted with the VMK) is stored on the disk itself, as part of the volume metadata. Although the FVEK is stored locally, it is never written to disk unencrypted.

The VMK is also encrypted, or "protected," but by one or more possible key protectors. The default key protector is the TPM. Use of a TPM is discussed in the following section on integrity checking. A recovery password is also created as a key protector, for emergencies. Recovery is also discussed later.

Answer 2

As @Jim says, it's similar to the USB key option. A key protector is stored in the volume metadata, which contains an encrypted version of the VMK. To decrypt the VMK, BitLocker uses a key derived from your password. I don't know what key derivation function is used (and it may vary by machine capability, because it seems to be about the same half-ish second on most machines) but it's slow. It's almost certainly PBKDF2, bcrypt, or scrypt. The output of this slow KDF is used to decrypt the VMK, which is used to decrypt the FVEK.

If anybody knows the particulars of the KDF, I'd be very interested to learn them. All the resources I could find online were frustratingly vague.