Aha.

*Is* the keydisk the master key, and hence can't be changed?


Very low priority topic:

What about implementing some routine for regenerating the master key, even if that would imply reprocessing *all* of the disk's contents?

That could be beneficial in a place where you don't have the space to back up 100% of the disk so as to start over.


On 2015-11-21 02:45, Ted Unangst wrote:
Tinker wrote:
Ah, and maybe equally importantly, what are the security ramifications
of changing password/keydisk vs. wiping and installing from scratch with
a new password/keydisk?

The master key, which the data on disk is encrypted with, is masked with your password. The master key never changes. But if you change your password, the
mask changes. The master key is not recoverable with the old password.

Say that you would change password/keydisk today, and then next week
someone gets a copy of your encrypted disk, and of your previous
password/keydisk.

Would they be able to extract any part of the disk information then, if
not why?

However, if somebody has a copy of your disk today (with old password) and they later, next month, learn your old password, they can decrypt that disk.
That should be obvious.

But they also now have a copy of the master key. So if they get your new disk,
they can also decrypt that.

Changing passwords is convenient, but if you have somehow lost control of
either the password or the disk, it would be safer to start over.

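The masking relationship Ted Unangst describes above, as an added example that is not part of the thread and is not softraid's code: a toy model in which a random master key is XOR-masked with a password-derived value. The metadata layout, check value, iteration count and SHAKE-based sector cipher are assumptions made for illustration only.

```python
import hashlib
import hmac
import os

def kdf(password: bytes, salt: bytes) -> bytes:
    # Password-derived mask; the iteration count is a constructed sample value.
    return hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wrap(master_key: bytes, password: bytes) -> dict:
    # Hypothetical on-disk metadata: salt, masked master key, and a check value.
    salt = os.urandom(16)
    return {"salt": salt,
            "masked": xor(master_key, kdf(password, salt)),
            "check": hmac.new(master_key, b"check", "sha256").digest()}

def unwrap(meta: dict, password: bytes):
    # Returns the master key, or None when the password does not match.
    mk = xor(meta["masked"], kdf(password, meta["salt"]))
    good = hmac.new(mk, b"check", "sha256").digest()
    return mk if hmac.compare_digest(good, meta["check"]) else None

def crypt_sector(master_key: bytes, sector_no: int, data: bytes) -> bytes:
    # Toy keystream cipher standing in for the real disk cipher (XOR: same call decrypts).
    seed = master_key + sector_no.to_bytes(8, "big")
    return xor(data, hashlib.shake_256(seed).digest(len(data)))

def demo():
    master_key = os.urandom(32)
    meta_old = wrap(master_key, b"old-password")       # copy of the disk taken "today"
    # Password change: unmask with the old password, re-mask with the new one.
    meta_new = wrap(unwrap(meta_old, b"old-password"), b"new-password")
    sector = crypt_sector(master_key, 7, b"written after the password change")

    # The old password does not open the current metadata...
    old_pw_on_new = unwrap(meta_new, b"old-password")
    # ...but the old copy plus the old password still yields the unchanged master key,
    leaked = unwrap(meta_old, b"old-password")
    # which decrypts sectors written after the change.
    recovered = crypt_sector(leaked, 7, sector)
    return old_pw_on_new, leaked == master_key, recovered

if __name__ == "__main__":
    print(demo())
```

Only generating a new master key and re-encrypting every sector would invalidate the old copy, which is the "start over" case in the reply.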