1

If I format and re-encrypt a USB drive using BitLocker, using the same key that was used to encrypt it prior to the format, is the data that was previously on the drive still secure?

I don't imagine it's deterministic, and formatting then re-encrypting the drive should remove the prior key, so I'm leaning towards 'safe' but wanted a second opinion.

2
  • Encrypted is encrypted. The data is as safe as the key used to encrypt the data.
    – Ramhound
    Commented Aug 28, 2019 at 3:38
  • I guess the question is more 'is the key deterministic'? If I encrypt that drive again with the same pass-phrase, will it then be able to decrypt data that was on the drive prior to the format with the old key that used the same pass-phrase? Or is the BitLocker key different each time regardless of whether the pass-phrase used to generate the key is the same? I have a very high-level understanding so this may be a silly question, apologies. Commented Aug 28, 2019 at 3:48

1 Answer

1

The password, PIN, key, etc. that you give to BitLocker to encrypt a disk is never used to determine the content of the Full Volume Encryption Key (FVEK), and it is the FVEK that is used to encrypt the bits on the disk.

So if you completely remove the first encryption, then turn it back on again, a completely different FVEK will be generated, meaning your original data cannot be decrypted even if you provide the same password.

Here's a high-level overview of how it works:

  1. BitLocker is enabled. It creates a random FVEK and will use that to encrypt the bits on disk.
  2. You're prompted to provide a password, PIN, etc. This is used to encrypt the FVEK, which is then written to the disk.
  3. The FVEK is then used to encrypt the disk.
  4. Later, to access your data, you provide your password, but this is simply used to gain access to the FVEK which is stored on the disk.

So as you can see, the password you provide only protects the FVEK, but doesn't determine its contents.
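The four steps in the answer above, as an added example that is not part of the original answer and is not BitLocker's code. The function names are hypothetical, and the PBKDF2-plus-XOR wrap and SHAKE keystream are simplified stand-ins (assumptions) for BitLocker's real key protector and sector cipher; formatting is modelled as discarding the old wrapped-key metadata.

```python
import hashlib, hmac, secrets

def kek(password, salt):
    # Password-derived key-encryption key: 32 bytes to mask the FVEK, 32 to MAC it.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=64)

def enable_encryption(password):
    """Steps 1-2: create a random FVEK, then store it wrapped under the password."""
    fvek = secrets.token_bytes(32)   # random; the password plays no part in it
    salt = secrets.token_bytes(16)
    k = kek(password, salt)
    wrapped = bytes(a ^ b for a, b in zip(fvek, k[:32]))  # toy wrap (assumption)
    tag = hmac.new(k[32:], wrapped, hashlib.sha256).digest()
    return fvek, {"salt": salt, "wrapped": wrapped, "tag": tag}

def unlock(password, meta):
    """Step 4: the password only recovers the FVEK stored in the on-disk metadata."""
    k = kek(password, meta["salt"])
    expected = hmac.new(k[32:], meta["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, meta["tag"]):
        return None                  # wrong password: the FVEK stays sealed
    return bytes(a ^ b for a, b in zip(meta["wrapped"], k[:32]))

def crypt_sector(fvek, index, data):
    """Step 3 stand-in: XOR with a keystream derived from the FVEK and sector index."""
    stream = hashlib.shake_256(fvek + index.to_bytes(8, "big")).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def demo(password="same passphrase both times"):
    plaintext = b"constructed sample sector contents"
    fvek_old, _meta_old = enable_encryption(password)
    old_ciphertext = crypt_sector(fvek_old, 0, plaintext)
    # Format (modelled as losing the old metadata), then re-enable, same password.
    fvek_new, meta_new = enable_encryption(password)
    recovered = unlock(password, meta_new)
    return {
        "fvek_reused": fvek_old == fvek_new,
        "unlock_gives_new_fvek": recovered == fvek_new,
        "old_data_readable": crypt_sector(recovered, 0, old_ciphertext) == plaintext,
        "wrong_password": unlock("not the passphrase", meta_new),
    }

if __name__ == "__main__":
    print(demo())
```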
