Bug 445841

Summary: Allow changing password
Product: [Plasma] plasmashell
Reporter: Loren Burkholder <loren>
Component: Vaults widget
Assignee: Ivan Čukić <ivan.cukic>
Status: CONFIRMED ---
Severity: wishlist
CC: ivan.cukic, nate
Priority: NOR
Keywords: usability
Version First Reported In: 6.0.0
Target Milestone: 1.0
Platform: openSUSE
OS: Linux
Latest Commit:
Version Fixed/Implemented In:
Sentry Crash Report:

Description Loren Burkholder 2021-11-20 22:28:26 UTC
SUMMARY
There doesn't seem to be any way to change the password on a vault. Could this functionality be added?

SOFTWARE/OS VERSIONS
Linux/KDE Plasma: openSUSE Tumbleweed
(available in About System)
KDE Plasma Version: 5.23.2
KDE Frameworks Version: 5.87.0
Qt Version: 5.15.2
Comment 1 Ivan Čukić 2024-12-18 05:42:30 UTC
It could be done for some backends, but not all support password changing. For example, cryfs doesn't seem to support it.

What is important to note is that changing the password (in general) doesn't re-encrypt the data, so if an attacker has your old encfs/cryfs/... config file and the old password, it is likely that they would be able to access newly encrypted data as well. (didn't test this with the Vault-supported encryption schemes, but this is often the case).

If Vaults get this feature, it will need a wall-of-text explaining what changing the password does not defend against.

For the time being, the option (and a better practice in general) is to create a new vault, move the data, and delete the old vault.
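
The point made in comment 1, as an added example (not code from this bug report or from Plasma Vault): a generic model of a password-wrapped volume key, in which the config file stores the data key encrypted under a key derived from the password. The config layout, the function names and the toy HMAC keystream are assumptions for illustration and are not the encfs or cryfs formats.

```python
import hashlib, hmac, secrets

def _kek(password: str, salt: bytes) -> bytes:
    # Key-encryption key derived from the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, 32)

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def seal(volume_key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy stream cipher (HMAC-SHA256 in counter mode), a stand-in for the
    # backend's real cipher. The same call encrypts and decrypts.
    out, ctr = b"", 0
    while len(out) < len(data):
        out += hmac.new(volume_key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return _xor(data, out)

def make_config(volume_key: bytes, password: str) -> dict:
    # Hypothetical config file: salt, wrapped volume key, integrity check.
    salt = secrets.token_bytes(16)
    kek = _kek(password, salt)
    return {"salt": salt, "wrapped": _xor(volume_key, kek),
            "check": hmac.new(kek, volume_key, hashlib.sha256).digest()}

def unwrap(config: dict, password: str):
    kek = _kek(password, config["salt"])
    key = _xor(config["wrapped"], kek)
    tag = hmac.new(kek, key, hashlib.sha256).digest()
    return key if hmac.compare_digest(tag, config["check"]) else None

def change_password(config: dict, old: str, new: str) -> dict:
    key = unwrap(config, old)
    if key is None:
        raise ValueError("wrong password")
    return make_config(key, new)  # only the wrapping changes, not the volume key

def demo() -> dict:
    msg, nonce = b"written after the change", secrets.token_bytes(12)
    old_cfg = make_config(secrets.token_bytes(32), "old-pass")  # copy held by a third party
    new_cfg = change_password(old_cfg, "old-pass", "new-pass")
    ct = seal(unwrap(new_cfg, "new-pass"), nonce, msg)          # data written afterwards
    leaked = unwrap(old_cfg, "old-pass")                        # old config + old password
    fresh_ct = seal(secrets.token_bytes(32), nonce, msg)        # new vault: new volume key
    return {"old_pw_on_new_cfg": unwrap(new_cfg, "old-pass"),
            "old_cfg_reads_new_data": seal(leaked, nonce, ct) == msg,
            "old_cfg_reads_new_vault": seal(leaked, nonce, fresh_ct) == msg}
```

In this model the old password is rejected by the new config, yet the old config still yields the volume key that protects data written later; only a new vault with a fresh volume key cuts that off.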