1 - If its just so easy to make new vault, use its master key for anyother vault and then (if have recovery key) can reset password, doesnt feel very reassuring! i was hoping that each vault has unique master key tho. Which brings to my another concern,
2- why save master key in folder with my encrypted files? why not save it within app or locally somewhere else? if i setup vault on a cloud, the whole masterkey and everything is just there, in this case it just takes another person to have cryptomator and a brute force method or sth to identify my password, the 256bit encrypted files are not really that secure with masterkey just there? while just a password away to decode everything. so the whole security is as strong as my password? what if i am normal person ans use a fairly basic normal password…
disclaimer: i am just really a normal person without real knowledge about this, i tried reading some posts and faq on the webpage and have come up with these questions, please be kind to me i dont mean to be rude too!
You can’t use a Masterkey file of vault A to reset the password of vault B. The Masterkey file is specific for each vault. If you try to use a masterkey file with another vault and perform a password reset, the vault will be shown as empty as the files cannot be decrypted.
There are functions to obstruct bruteforce
Yes. This is the case with any encryption, no matter which kind of encryption. A weak password will lead to a weak encryption.
thankyou for clarifying everything! I appreciate and understand. One last thing, can i cut and move the vault.cryptomator.bkup and masterkey.cryptomator.bkup files to somewhere else since i think they are backup files needed to recover they keys in case lost? or are they needed in root with other counterparts?
You could but it wouldn’t make too much sense since they’re re-created with each successful unlock. These backup files are helpful if “something goes wrong” with your vault so that you can revert to a backup file. E.g., if the original files get damaged somehow (bit rotting or accidental change). As the filenames suggest, they’re just backups and not relevant in everyday use.