From the Official Android Source:
Upon first boot, the device creates a randomly generated 128-bit master key and then hashes it with a default password and stored salt. (The default password is: "default_password").
However, the resultant hash is also signed through a TEE (such as TrustZone), which uses a hash of the signature to encrypt the master key.
When the user sets the PIN/pass or password on the device, only the 128-bit key is re-encrypted and stored. (ie. user PIN/pass/pattern changes do NOT cause re-encryption of userdata.)
What this means is that, essentially, there are two keys to be understood:
- The master key
- The user_encryption key (or just 'key')
The master key is generated during the first boot only, and never ever changes (unless maybe a factory reset or wiping userdata partition is done). The data in the /data partition is encrypted or decrypted only using the master key. The master key cannot be stored as it is (it's not safe to do so, right?), so it is encrypted using another key said below.
The user_encryption key is the key using which the encrypted master key can be decrypted, because only using the master key, the encrypted data can be decrypted. (This key is computed based on your PIN/password/whatever.)
People often tend to think both these keys as one and the same, which is not the case here.
When you change your unlock PIN/password, only the user_encryption key changes, not the master key, so the data is not re-encrypted.