(3) I know little about LUKS, but this is a generic idea. A strong secret used to encrypt and decrypt actual data is encrypted in many copies, independently: using a file, using a passphrase or whatever; these are slots. You use one "whatever" to decrypt one copy and then you can decrypt the actual data. If you want to stop using a weak passphrase just remove it, so there is no longer a copy of the strong secret protected by the weak passphrase. Other copies will keep their functionality and there is no need to re-crypt. The actual data is not and has not been encrypted with the passphrase.
↧