[deleted]
So by adding a new key, and removing the old one. There should not be any way to bruteforce t he old key and gain access.
Correct, so long as the key is removed from all copies of the header file (in case you made backups, it must be removed from those as well) there should be no way to gain access using that key.
Sould i use cryptsetup-reencrypt instead to be certain?
I don't think its necessary unless you believe that your keys may have been compromised. EDIT: It should be used if you feel like your current encryption options are not sufficient, say you want to move to AES-XTS from AES-CBC . I've never attempted that so can't comment on stability, but you may want to test it in a virtual machine. Also, it will need to be done while the LUKS container is at rest.