1. A user can change their password without re-encrypting any of the uploaded files. Changing the password only changes the encryptedMasterKey that is stored on the server.
2. Hashes of passwords are not stored at our server, and email addresses are stored encrypted.
2. How is the email address encrypted?
Why would an attacker need a stored hash? In a database leak situation it's possible to get to the data with only a valid email-password combination, or am I missing something?
There is no information from a registered device necessary for the decryption, right?
2. Hashes of passwords are not stored at our server, and email addresses are stored encrypted.
You can read more about our key-encryption flow here: https://ente.io/architecture#key-encryption
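
The password-change property from item 1 above, as an added example that is not ente's code: files are encrypted under a random master key, and only the password-wrapped copy of that key (`encryptedMasterKey`) is replaced when the password changes. Assumptions: PBKDF2 and an HMAC-based encrypt-then-MAC construction stand in for the real KDF and cipher so the block runs on the Python standard library alone, files are encrypted directly under the master key, and `kekSalt` plus all function names are hypothetical.

```python
import hashlib, hmac, os

def derive_kek(password: str, salt: bytes) -> bytes:
    # Key-encryption key from the password (PBKDF2 is a stand-in KDF).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000, 32)

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode as a keystream (stand-in cipher).
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"enc" + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    # Encrypt-then-MAC; output layout is nonce || ciphertext || tag.
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("wrong key or tampered data")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def register(password: str):
    # Returns the client-side master key and the record the server would store.
    master_key, salt = os.urandom(32), os.urandom(16)
    wrapped = seal(derive_kek(password, salt), master_key)
    return master_key, {"kekSalt": salt, "encryptedMasterKey": wrapped}

def unlock(record: dict, password: str) -> bytes:
    return unseal(derive_kek(password, record["kekSalt"]), record["encryptedMasterKey"])

def change_password(record: dict, old: str, new: str) -> dict:
    # Only the wrapped master key is replaced; file ciphertexts are untouched.
    master_key, salt = unlock(record, old), os.urandom(16)
    return {"kekSalt": salt, "encryptedMasterKey": seal(derive_kek(new, salt), master_key)}

if __name__ == "__main__":
    mk, rec = register("old-pass")                   # constructed sample values
    file_blob = seal(mk, b"constructed file contents")
    rec = change_password(rec, "old-pass", "new-pass")
    print(unseal(unlock(rec, "new-pass"), file_blob))
```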