I am very delighted with Boxcryptor and use it daily. As an intellectual exercise I've been considering potential attack modes.
Two points come to my mind, one fairly esoteric and the other something that is more real world.
Taking them in reverse order
1) It appears to me that it is vital the user installs the software themselves. If it is installed for them (by a supplier, advisor, etc) then using the change password facility will never offer full security as the installer will always be able to decode files if they know the install password and have the associated .encfs6.xml file (which may be available from Dropbox history for some time),
If I'm right maybe this should be made more apparent to new users?
2) Because of your openness I'm able to asses and ensure the actual security of my installation with one major exception. (Other than accepting the robustness of AES-256)
As I understand it, the Volume key is generated by the random number generators you have described and PBKDF2. Theoretically this gives a very strong key. It needs to be strong as it is never changing and many files are encrypted with it.
However this one vital element is not something I am able to verify for myself.
I'm sure you will appreciate that I'm not questioning Boxcryptor's integrity on this but wondered if this hypothetical loophole could be removed if, after a clean installation, I were to replace the encodedKeyData field in .encfs6.xml with my own random string before I start to encrypt any files?
Would this work and are there are issues I need to consider when editing the file?
Thanks for a great piece of software.