Boxcryptor 2 Change of Password

Shadie777

Hi, I am new to Boxcryptor and set up my account with a weak password.

If I change my password to a strong one, will my previously encrypted files have any less protection? Are they re-encrypted with the new password or is an additional file key added to the encrypted file.

I have searched the forum for this information but can only find references to similar scenarios involving Boxcryptor classic. Is there a Boxcryptor 2 equivalent of an attacker getting hold of an old .encfs6.xml file and using it with an old password?

Would it be wise for me to decrypt and the re-encrypt my previously encrypted files?

Thank you in anticipation of your guidance.

Florian

Hi Shadie777,

Changing your password as soon as possible will keep your data safe.

Unlike Boxcryptor Classic, Boxcryptor 2.x uses an "encryption chain" of different encryption techniques. For more information please look at: https://www.boxcryptor.com/en/technical-overview

The only "equivalent" attack vector is a scenario where the intruder already gained access to your user keys using your weak credentials. At this point, the horse has already left the barn and the attacker holds access to all your encrypted files (as he can now use your user keys to encrypt the file keys) and even can decrypt files in the future even if you change your password.
To prevent him from stealing your further decrypted information the only countermeasure is to reset your account. This will give you new user keys used for your future files (to encrypt their file keys).

Summarizing: If you really think that someone already extracted your user keys using your weak credentials -> simply decrypt your data -> reset your account -> encrypt it again.

Kind regards,
Florian

theking2

The forum search brought me here. I was wondering that as well. I can change the BoxCryptor password but that will not the, symmetric encryption key, so changing it regularly will not add any security. Is it possible to automate the process of setting a new encryption key? Or do I have to go through the process you describe?