Hi, I assume that when I change my password, the masterkey.cryptomator file will change. Does that mean that if anyone gets a hold of its old version, can log into my vault with the old password? I’m asking because Dropbox keeps old file versions for 90 days.
No it does not.
See here: What happens exactly when I change password of a vault?
If anyone has access to your vault, your (old) Passwort and your masterkey, he can access your vault and decrypt the files that you have encrypted with the old Kek. Changing the password does not lead to a new encryption of the existing files in your vault.
If you want to reencrypt your files with a new password, you have to create a new vault.
Thank you. I haven’t actually uploaded any “real” files yet. But I am ending my experimentation phase, so now I’m starting to use a “real” password too. So this is good to know!
I’m sorry, just to double-check: Do I really have to create a new vault? If I delete everything from the existing vault, change the password and reupload all the files and folders - will that not re-encrypt them?
You are right. This will work too.