I know that the encryption and MAC keys are derived from the password using masterkey.cryptomator and these keys are used to decrypt/encrypt the files.
But when I change password of a vault, what happens exactly? I am able to read old files and also create new files, but the old password is gone which means the old encryption and MAC keys are gone which means I shouldn’t be able to read the old files but I am.
Thanks in advance.
Nope. The password is used to derive a KEK, which is then used to encrypt futher keys. The KEK changes, but the keys encrypted with the KEK will stay the same.
The actual files will not get re-encrypted, meaning you can not upgrade a weak passphrase to a stronger one once the data has been synced to a service that allows recovery of older versions of the masterkey file.
That’s interesting.
So, if I’d like to encrypt old data with new, stronger password, I have to re-encrypt everything, right?
Yes, in that case you need to create a new vault and drag the data from the old to the new one. Make sure to wipe all backups of the old vault afterwards.
And vice versa I could create a masterkey with an insanely strong (long) password and change this later on to a somewhat more “practicable” for daily use even before encrypting a single payload file.
Right?
The masterkey doesn’t get stronger by using a strong password, though. It is always sourced from a CSPRNG, the password only determines how easy it is to “unlock” this masterkey.
Oh, okay. I had a different impression from this discussion. So if I started with a not too good password, I don’t need to re-encrypt and re-sync, but change only that password. Is that correct now?
Thanks!
No. If you want to strength your password thats opens your vault, there’s no other way than to create a new vault with a strong password and copy your files to it and upload it (or in short: replace your vault with weak password with a new that has a strong password)
The quality of the random data doesn’t depend on your password, but the bruteforce time does directly. An attacker doesn’t need your current masterkey file, he can use any version that might be available via cloud revision history.
Therefore no version should ever have a password that is easy to guess.
Of course an attacker can’t see which version uses a stronger or weaker password from the masterkey file itself, but maybe he once saw you entering a four digit code. In that case changing the password doesn’t help. You need a full key rotation, which is at time of writing this only possible by creating a new vault, as @Michael already mentioned.
Okay - I’m sorry if I may be slow of mind…
It seems very clear to me what @overheadhunter is writing. So it may be a bit contradictory that @Michael writes I absolutely would need to create a new vault. As it seems this is “only” true because of the history of the masterkey file, not as an intrinsic necessity.
Is this correct now?
Thanks!
If you change your password with the intention to get stronger protection, you need to create a new vault. Especially if you assume that an attacker knows you have been using a fairly weak password before. Otherwise any sane attacker wouldn’t even mind trying to bruteforce a scrypt-derived key.
If you change your password just because you want a different password of equal or lower complexity (read: length), keep using the same vault.
This is concerning., So CSPRNG is used to create a key which is then used in conjunction with clear text to create cypher text. And * NO PART OF ANYTHING I CREATED * is in the process anywhere? I get it that CSPRNG uses a random number generator and that’s good, but actually cryptomator has the ONLY key that encrypts and decrypts my data, and they don’t need anything from me at all to do that. The password we create is nothing more than just a vault password?
OK, I know I’m responding to my own post, but after creating a flow chart I THINK I have this down, If a flow chart or white paper exists where could I download it? And one last question, how are DEK’s synced between devices?, ie my desktop>cell phone>lap top etc?
Thanks in advance.
Hi.
I guess this is what you are looking for.
https://docs.cryptomator.org/en/latest/security/architecture/
The sync is done by the storage provider app or any other sync app you are choosing to sync your files to your online storage. (For desktop app). The mobile apps connect directly to your online vault.