Passcode technically explained (Telegram Desktop)

The password isn't written anywhere. The file tdata/settings0 stores program-wide settings (like connection type and tray icon), password is used to encrypt a key, which is used to encrypt your local cache and auth keys to the cloud.

When you enter a password, Telegram Desktop tries to decrypt the key by it and if it was able to decrypt it — it is the correct password.

When you change the password Telegram Desktop re-encrypts the key and everything is encrypted by a new password.


Technical infos about the local passcode encryption

From the passcode Telegram Desktop creates an 2048 bit encryption key by an PKCS5_PBKDF2_HMAC_SHA1 function with 4000 iterations count and random 256 bit salt, that is stored together with the encrypted data. After that the app's using this 2048 bit encryption key to encrypt all the local stored data (like cloud access keys, cached auto downloaded images and voice messages, settings and all other data) using the same algorithm that is used in MTProto for messages:

App takes a piece of data, takes 128 bit of SHA1 hash of this piece and prepares from it and the 2048 bit key a 256 bit key and 256 bit initialization vector and then use AES_ige_encrypt() to encrypt that piece of data with that key and that initialization vector.