Changing VeraCrypt password questions

If you want to change the encryption password, does it pose any risks or drawbacks?

Does it matter if it has a custom PIM?

Does it matter if it’s a system partition, USB or just a container file? What if it has a keyfile?

Does it require that you wipe the entire disk again or something? How is this process done to guarantee no leaks?

If this is safe then what is the best way to do this in Linux using the VeraCrypt GUI?

No, changing the password does not pose any NEW threat. But if your current password is leaked or compromised, changing the password will NOT solve the issue. When changing the password, VeraCrypt does not truly change the encryption key (which will require full decryption with the current key, and re-encryption). Instead, it simply changes the volume header. In short, the encrypted data stays nearly the same and the attacker could still have access to your data based on the compromised original password.

As someone replied in your other posts, PIM has nothing to do with passwords. It’s just another independent parameter for encryption. The argument that a lower PIM matters when the password is below 20 (or any arbitrary number) characters does not mean that the PIM interferes with the password or the algorithm in any way. It is rather a speculation based on realistic calculations that long passwords themselves have an entropy high enough that brute forcing is practically infeasible regardless of PIM value.

1 Like
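Added example, not part of the original posts and not VeraCrypt's code: a simplified Python model of the header re-wrap described in the answer above, showing that a password change leaves the master key untouched and that a copy of the old header still opens with the old password. The header layout, the XOR wrap (standing in for the real header cipher) and all function names are assumptions made for illustration; the iteration formula is the one VeraCrypt documents for non-system volumes.

```python
import hashlib, hmac, os

def header_key(password: str, salt: bytes, pim: int) -> bytes:
    # PIM only sets the PBKDF2 iteration count; it never touches the master key.
    iterations = 15000 + pim * 1000  # documented formula for non-system volumes
    return hashlib.pbkdf2_hmac("sha512", password.encode(), salt, iterations, dklen=64)

def make_header(master_key: bytes, password: str, pim: int) -> dict:
    """Wrap the master key under a key derived from password + PIM + fresh salt."""
    salt = os.urandom(64)
    hk = header_key(password, salt, pim)
    # Toy wrap (assumption): XOR with derived bytes stands in for the header cipher.
    wrapped = bytes(a ^ b for a, b in zip(master_key, hk[:32]))
    tag = hmac.new(hk[32:], wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}

def open_header(header: dict, password: str, pim: int):
    """Return the master key, or None when the password or PIM is wrong."""
    hk = header_key(password, header["salt"], pim)
    expected = hmac.new(hk[32:], header["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, header["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(header["wrapped"], hk[:32]))

def change_password(header, old_pw, old_pim, new_pw, new_pim) -> dict:
    """Re-wrap the SAME master key; the bulk data is never re-encrypted."""
    master_key = open_header(header, old_pw, old_pim)
    if master_key is None:
        raise ValueError("wrong password or PIM")
    return make_header(master_key, new_pw, new_pim)

def demo() -> dict:
    master_key = os.urandom(32)                      # constructed sample key
    old_header = make_header(master_key, "1234", 1)  # weak password, low PIM
    new_header = change_password(old_header, "1234", 1, "long random passphrase", 5)
    return {
        "new_header_rejects_old_pw": open_header(new_header, "1234", 1) is None,
        "new_header_same_master_key": open_header(new_header, "long random passphrase", 5) == master_key,
        "old_header_copy_still_opens": open_header(old_header, "1234", 1) == master_key,
    }

if __name__ == "__main__":
    print(demo())
```

The third result is the residual risk the answer describes: only full decryption and re-encryption replaces the master key, so a new password on the current header does not invalidate an older header copy.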

I don’t get it. So what’s the point of changing the password? The password is not compromised, I just wanted stronger encryption.

If your previous password was, e.g. ‘1234’, it could be easily brute forced.
However, changing the password would prevent such cases, although the encryption key remains essentially the same, which generally does not matter since brute force attacks do not brute force the raw “encryption keys” themselves, but rather focus on the user password.