Closed dflipse closed 6 months ago
archiecobbs
commented
1 year ago Right now there's no way to do this any more efficiently than creating another empty volume using the new password and then copying the entire disk image.
Longer term, it could be possible if an additional level of indirection were used. That would mean having the "real" encryption key encrypted using the password and then stored in the image. This is how e.g. LUKS works.
dflipse
commented
1 year ago Thanks @archiecobbs and I get your point. This would work for me and I'd like to have 'real' encryption key hidden away, indeed. Currently, I have my long/complex password saved in a file and applied chmod 600. Yet this does not guarantee it won't get compromised
archiecobbs
commented
6 months ago Closing this issue as "won't do". Feel free to add more comments if new information becomes available.
For when encryption password may have been compromised, would be great previously used s3backer encryption password (--encryot flag) can be updated. This without having to backup all data and rewriting everything back in. As that would be very costly, time and resource consuming, indeed. Is this feasible?