Password change requires re-encryption

[brainchild0]

I recently updated the password key for a vault.

The process was a cumbersome one, of the application downloading all information from the vault, re-encrypting it to the new key, and then uploading it.

Most systems of encryption-backed storage of data entail a cascade of decryption keys. The main data is encrypted with a master key generated by the system, which never changes for the life of the store. If access is to be granted by password, then the password is used to encrypt the master password, which is also stored in such an encrypted.

Changing the user password then only requires generating a new encrypted representation of the master key, not the stored items.

Some systems may used a more sophisticated cascade of stored keys.

Proton Pass is an example of a system of a similar use case to Passman, in which a master password is maintained for the account but is not the key entered by the user.

It would be more efficient and more robust if Passman used the same model.

[animalillo]

Yes it would make complete sense, but would require a complete reimplementation of the way the app works and some way to migrate existing data to work that way during an update.

Currently the app does not have any kind of client side migration system which would be required for this to be done safely.