25Nis
Securely changing Veracrypt password
How can I change a Veracrypt (master) password efficiently and securely?
Based on the answers here, it is not safe to use system --> change password due to various reasons.
I cannot simply image the device to my hard drive as it does not use FDE (I am in the process of moving towards full encryption); doing so would allow attackers to get the master key that is encrypted with a weak password from the hard drive (rather than from the device that will use a complex password).
The best solution I have come up with so far is to:
- create a Veracrypt container on the hard drive using a strong one-time password (that is used to temporarily store the image of the device)
- image the device and store in temporary Veracrypt container
- delete old Veracrypt partition (with a weak password)
- create a new Veracrypt partition on top (with a complex password)
- move files from image to new Veracrypt partition
