Question about changing password

meinusername

Hey there,
when I change my master password, do the files with the old password still decrypt? And are all files reencrypted to a new raw format or are the files still the same in encrypted format so that they do NOT need to be uploaded all again to dropbox?
Thanks

Robert

Hi!

From our Knowledge Base:

"BoxCryptor uses two keys for file encryption: a master key which is derived from a user supplied password and a volume key. All files are encrypted with a volume key which is generated when a new encrypted directory is created. The volume key is stored encrypted by the master key in a configuration file (.encfs6.xml) at the top level of the source directory. When BoxCryptor mounts an encrypted directory you have to enter the password. The password is used to derive the master key and the master key is used to decrypt the volume key which is then used for file encryption."

https://boxcryptorsupport.uservoice.com/knowledgebase/articles/35101-how-does-boxcryptor-encrypt-files-

To answer your question: When you change the passwords, the files do not have to be re-encrypted. Only the volume key has to be re-encrypted and the configuration file to be updated. That's it.

Hope I could help you!

meinusername

Okay thanks, that sounds good!

bobob

Hi,

I encrypted all my dropbox files with a masterkey which is not very strong and may have been hacked previously. If I change the masterkey, I understand from Robert, the files will NOT be re-encrypted again. Does this mean that they are easy to decrypt, since during the encryption moment a weak masterkey was used?

How can I solve this situation? I can I re-encrypt the files with a new strong masterkey?

Robert

Hi bobob,

Yes, if a weak password was used when an attacker might have had access to the .encfs6.xml configuration file, this "weak" configuration file might be used in the future to decrypt the existing or any new file of this Boxcryptor Classic Folder.

To correct his situation you should create a completely new Boxcryptor Classic Folder (with a strong password) which will use a new and different volume key. Then copy all files from the "old" Boxcryptor Drive to the "new" Boxcryptor Drive which will re-encrypt the files with the new key and then try your best to permanently delete the "old" Boxcryptor Classic Folder - which might not always be easy depending on the cloud storage provider.

Best regards,
Robert

meisusername

what can I do if I forgot my password for boxcryptor

Gustav

Hi meisusername,

if you forgot your password, then your files are all lost. We cannot restore or decrypt your password. You can write it down somewhere to avoid this case.

Greetings
Gustav

nms

I have to enter my master password when login to BC support website or into the app, surely this isn't secure enough as the MK can be logged easily by BC during the login process.
IMO the MK should be a completely separate password that is only used on the device at the time of decryption and not used for other login purposes.