Is it safe to change password for FDE?
Open source disk encryption with strong security for the Paranoid
Brought to you by:
idrassi
Menu
▾
▴
Can I just go to the menu in "System -> Change Password" and change it safely?
Why is there the wipe option? This makes me thing it's unsafe... do I need to wipe it and wait 2 days again? 3 pass took 3 days when I did the full disk encryption back then.
Im just paranoid that doing this is not safe and I should do the whole process from scratch.
If it is safe, then I guess I will need to re-do the CD for the recovery boot?
The password has not been compromised btw, its for a cold storage setup, but I want to change it. I have lost HDDs because I forgot the password, I want to change it to something else before i forget it again.
please help can someone comment on this
Yes.
You can choose the number of times to overwrite the old header which contains the encryption key. If you are using SSD, then likely the old header will not be overwritten.
Read the various topics in the link below.
https://www.veracrypt.fr/en/Security%20Requirements%20and%20Precautions.html
No. The password is for unlocking the header to retrieve the encryption key. The change password will only write a new header and depending number of wipes may take minutes as long as you are using default PIM value.
Correct. See the section System -> Change Password in the link below.
https://www.veracrypt.fr/en/Program%20Menu.html
There are multiple unresolved posts about users losing access to drives, possibly due to header corruption, after changing the password. Advisable to have a backup drive or at least keep the header backup file separately (which, judging from the above post, would restore the original password).