Password change requires re-encryption

[brainchild0]

I recently updated the password key for a vault.

The process was a cumbersome one, of the application downloading all information from the vault, re-encrypting it to the new key, and then uploading it.

Most systems of encryption-backed storage of data entail a cascade of decryption keys. The main data is encrypted with a master key generated by the system, which never changes for the life of the store. If access is to be granted by password, then the password is used to encrypt the master password, which is also stored in such an encrypted.

Changing the user password then only requires generating a new encrypted representation of the master key, not the stored items.

Some systems may used a more sophisticated cascade of stored keys.

Proton Pass is an example of a system of a similar use case to Passman, in which a master password is maintained for the account but is not the key entered by the user.

It would be more efficient and more robust if Passman used the same model.