Closed dflipse closed 6 months ago
Right now there's no way to do this any more efficiently than creating another empty volume using the new password and then copying the entire disk image.
Longer term, it could be possible if an additional level of indirection were used. That would mean having the "real" encryption key encrypted using the password and then stored in the image. This is how e.g. LUKS works.
Thanks @archiecobbs and I get your point. This would work for me and I'd like to have 'real' encryption key hidden away, indeed. Currently, I have my long/complex password saved in a file and applied chmod 600. Yet this does not guarantee it won't get compromised
Closing this issue as "won't do". Feel free to add more comments if new information becomes available.
For when encryption password may have been compromised, would be great previously used s3backer encryption password (--encryot flag) can be updated. This without having to backup all data and rewriting everything back in. As that would be very costly, time and resource consuming, indeed. Is this feasible?