Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > TrueCrypt 4.1 Keyfiles

Reply
Thread Tools

TrueCrypt 4.1 Keyfiles

 
 
Nisar Jalal
Guest
Posts: n/a
 
      12-19-2005
Hi,

Could somebody please confirm whether creating a truecrypt partition with:

1. 20 char password (A) +
2. 2 keyfiles (B) & (C)

=

either

1. 20 char password (A) + 1024 char pwd (B) + 1024 char pwd (C) = 2068
char password (D)

or

2. 20 char password (E) made more random than (A).

Heard some confusing stuff on the web. (1) makes sense and kills brute
force dead, but (2)
is just useless.

Thanks in advance.

http://www.velocityreviews.com/forums/(E-Mail Removed)

--
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/
 
Reply With Quote
 
 
 
 
nemo_outis
Guest
Posts: n/a
 
      12-19-2005
"Nisar Jalal" <(E-Mail Removed)> wrote in
newsp.s10y7eb66dlfh9@tiny:

> Hi,
>
> Could somebody please confirm whether creating a truecrypt partition
> with:
>
> 1. 20 char password (A) +
> 2. 2 keyfiles (B) & (C)
>
> =
>
> either
>
> 1. 20 char password (A) + 1024 char pwd (B) + 1024 char pwd (C) = 2068
> char password (D)
>
> or
>
> 2. 20 char password (E) made more random than (A).
>
> Heard some confusing stuff on the web. (1) makes sense and kills
> brute force dead, but (2)
> is just useless.
>
> Thanks in advance.
>
> (E-Mail Removed)
>




In principle you are completely correct in wanting your password to have
at least the same stength as the underlying encryption algorithm.
However, with that said, a 20-character password is far from useless - it
is, in fact, more than sufficient against all but the strongest
adversaries for the foreseeable future, barring breakthroughs. Consider
that a 20-character password randomly composed from 26, 52 or, say, 100
characters has 94-, 113-, 133-bit strength. Even with allowing 1 bit per
year "erosion" of the effective strength due to improvements in hardware
and decryption your secrets should be safe for several decades.

I have not examined your question in depth but the documentation (to its
eternal credit!) does appear to be sufficiently specific to permit
answering them (in the Technical Details, the references, and throughout
the document).

Incidentally, Truecrypt supports passwords up to 64 characters long (the
minimum is 12).

Regards,

 
Reply With Quote
 
 
 
 
Nisar Jalal
Guest
Posts: n/a
 
      12-20-2005

I was going to switch from DriveCrypt which has 4 lines of entry, which is
much better than 1 line only + they have token keys.

Keyfiles if they appended length to the pwd, and could be stored on an mp3
player stick, would have been brilliant, but apparently not.

Pity. Just not sure what the great advantage of them is, if the pwd
length is still the same.

>
>
> In principle you are completely correct in wanting your password to have
> at least the same stength as the underlying encryption algorithm.
> However, with that said, a 20-character password is far from useless - it
> is, in fact, more than sufficient against all but the strongest
> adversaries for the foreseeable future, barring breakthroughs. Consider
> that a 20-character password randomly composed from 26, 52 or, say, 100
> characters has 94-, 113-, 133-bit strength. Even with allowing 1 bit per
> year "erosion" of the effective strength due to improvements in hardware
> and decryption your secrets should be safe for several decades.
>
> I have not examined your question in depth but the documentation (to its
> eternal credit!) does appear to be sufficiently specific to permit
> answering them (in the Technical Details, the references, and throughout
> the document).
>
> Incidentally, Truecrypt supports passwords up to 64 characters long (the
> minimum is 12).
>
> Regards,
>




--
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/
 
Reply With Quote
 
nemo_outis
Guest
Posts: n/a
 
      12-20-2005
"Nisar Jalal" <(E-Mail Removed)> wrote in
newsp.s1121ggp6dlfh9@tiny:

>
> I was going to switch from DriveCrypt which has 4 lines of entry,
> which is much better than 1 line only + they have token keys.



As near as I can tell the sole advantage of Drivecrypt's 4 lines (160
characters) are that they give more flexibility for passphrases rather than
passwords. Truecrypt's 64 characters are more than enough to create a
sufficiently strong password (in the sense of being at least as strong as
the underlying encryption algorithms)


> Keyfiles if they appended length to the pwd, and could be stored on an
> mp3 player stick, would have been brilliant, but apparently not.



Keyfiles can be stored anywhere you choose, including, for instance, on a
USB thumbdrive. They then become a de facto hardware token. And Truecrypt
is correct in insisting that the password itself should have sufficient
strength - keyfiles are an **optional** feature. You may use just a
password, just a keyfile (i.e., with a null password - although this is
deprecated), or both.


> Pity. Just not sure what the great advantage of them is, if the pwd
> length is still the same.



The Truecrypt docs explain some of their uses and advantages, including
resistance to keyloggers.

Regards,

PS On the future "to do" list for Truecrypt is support for external
authentication modules (which could, inter alia, interface with hardware
tokens).

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Re: Truecrypt 4.1 Borked Pseudo Mailed Computer Security 11 11-30-2005 06:29 AM
Re: Truecrypt 4.1 nemo_outis Computer Security 8 11-30-2005 04:58 AM
Re: Truecrypt 4.1 nemo_outis Computer Security 0 11-26-2005 06:01 AM
Re: Truecrypt 4 Released! Ari Silversteinn Computer Security 1 11-02-2005 06:48 PM
Truecrypt 3.0 has been released nemo outis Computer Security 4 12-11-2004 05:58 PM



Advertisments