TrueCrypt 4.1 Keyfiles

Discussion in 'Computer Security' started by Nisar Jalal, Dec 19, 2005.

  1. Nisar Jalal

    Nisar Jalal Guest

    Hi,

    Could somebody please confirm whether creating a truecrypt partition with:

    1. 20 char password (A) +
    2. 2 keyfiles (B) & (C)

    =

    either

    1. 20 char password (A) + 1024 char pwd (B) + 1024 char pwd (C) = 2068
    char password (D)

    or

    2. 20 char password (E) made more random than (A).

    Heard some confusing stuff on the web. (1) makes sense and kills brute
    force dead, but (2)
    is just useless.

    Thanks in advance.



    --
    Using Opera's revolutionary e-mail client: http://www.opera.com/mail/
     
    Nisar Jalal, Dec 19, 2005
    #1
    1. Advertising

  2. Nisar Jalal

    nemo_outis Guest

    "Nisar Jalal" <> wrote in
    news:eek:p.s10y7eb66dlfh9@tiny:

    > Hi,
    >
    > Could somebody please confirm whether creating a truecrypt partition
    > with:
    >
    > 1. 20 char password (A) +
    > 2. 2 keyfiles (B) & (C)
    >
    > =
    >
    > either
    >
    > 1. 20 char password (A) + 1024 char pwd (B) + 1024 char pwd (C) = 2068
    > char password (D)
    >
    > or
    >
    > 2. 20 char password (E) made more random than (A).
    >
    > Heard some confusing stuff on the web. (1) makes sense and kills
    > brute force dead, but (2)
    > is just useless.
    >
    > Thanks in advance.
    >
    >
    >




    In principle you are completely correct in wanting your password to have
    at least the same stength as the underlying encryption algorithm.
    However, with that said, a 20-character password is far from useless - it
    is, in fact, more than sufficient against all but the strongest
    adversaries for the foreseeable future, barring breakthroughs. Consider
    that a 20-character password randomly composed from 26, 52 or, say, 100
    characters has 94-, 113-, 133-bit strength. Even with allowing 1 bit per
    year "erosion" of the effective strength due to improvements in hardware
    and decryption your secrets should be safe for several decades.

    I have not examined your question in depth but the documentation (to its
    eternal credit!) does appear to be sufficiently specific to permit
    answering them (in the Technical Details, the references, and throughout
    the document).

    Incidentally, Truecrypt supports passwords up to 64 characters long (the
    minimum is 12).

    Regards,
     
    nemo_outis, Dec 19, 2005
    #2
    1. Advertising

  3. Nisar Jalal

    Nisar Jalal Guest

    I was going to switch from DriveCrypt which has 4 lines of entry, which is
    much better than 1 line only + they have token keys.

    Keyfiles if they appended length to the pwd, and could be stored on an mp3
    player stick, would have been brilliant, but apparently not.

    Pity. Just not sure what the great advantage of them is, if the pwd
    length is still the same.

    >
    >
    > In principle you are completely correct in wanting your password to have
    > at least the same stength as the underlying encryption algorithm.
    > However, with that said, a 20-character password is far from useless - it
    > is, in fact, more than sufficient against all but the strongest
    > adversaries for the foreseeable future, barring breakthroughs. Consider
    > that a 20-character password randomly composed from 26, 52 or, say, 100
    > characters has 94-, 113-, 133-bit strength. Even with allowing 1 bit per
    > year "erosion" of the effective strength due to improvements in hardware
    > and decryption your secrets should be safe for several decades.
    >
    > I have not examined your question in depth but the documentation (to its
    > eternal credit!) does appear to be sufficiently specific to permit
    > answering them (in the Technical Details, the references, and throughout
    > the document).
    >
    > Incidentally, Truecrypt supports passwords up to 64 characters long (the
    > minimum is 12).
    >
    > Regards,
    >




    --
    Using Opera's revolutionary e-mail client: http://www.opera.com/mail/
     
    Nisar Jalal, Dec 20, 2005
    #3
  4. Nisar Jalal

    nemo_outis Guest

    "Nisar Jalal" <> wrote in
    news:eek:p.s1121ggp6dlfh9@tiny:

    >
    > I was going to switch from DriveCrypt which has 4 lines of entry,
    > which is much better than 1 line only + they have token keys.



    As near as I can tell the sole advantage of Drivecrypt's 4 lines (160
    characters) are that they give more flexibility for passphrases rather than
    passwords. Truecrypt's 64 characters are more than enough to create a
    sufficiently strong password (in the sense of being at least as strong as
    the underlying encryption algorithms)


    > Keyfiles if they appended length to the pwd, and could be stored on an
    > mp3 player stick, would have been brilliant, but apparently not.



    Keyfiles can be stored anywhere you choose, including, for instance, on a
    USB thumbdrive. They then become a de facto hardware token. And Truecrypt
    is correct in insisting that the password itself should have sufficient
    strength - keyfiles are an **optional** feature. You may use just a
    password, just a keyfile (i.e., with a null password - although this is
    deprecated), or both.


    > Pity. Just not sure what the great advantage of them is, if the pwd
    > length is still the same.



    The Truecrypt docs explain some of their uses and advantages, including
    resistance to keyloggers.

    Regards,

    PS On the future "to do" list for Truecrypt is support for external
    authentication modules (which could, inter alia, interface with hardware
    tokens).
     
    nemo_outis, Dec 20, 2005
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. nemo outis

    Truecrypt 3.0 has been released

    nemo outis, Dec 10, 2004, in forum: Computer Security
    Replies:
    4
    Views:
    598
    Anonymous
    Dec 11, 2004
  2. Ari Silversteinn

    Re: Truecrypt 4 Released!

    Ari Silversteinn, Nov 2, 2005, in forum: Computer Security
    Replies:
    1
    Views:
    553
    traveler
    Nov 2, 2005
  3. nemo_outis

    Re: Truecrypt 4.1

    nemo_outis, Nov 26, 2005, in forum: Computer Security
    Replies:
    0
    Views:
    467
    nemo_outis
    Nov 26, 2005
  4. nemo_outis

    Re: Truecrypt 4.1

    nemo_outis, Nov 27, 2005, in forum: Computer Security
    Replies:
    8
    Views:
    729
    Anonymous via the Cypherpunks Tonga Remailer
    Nov 30, 2005
  5. Borked Pseudo Mailed

    Re: Truecrypt 4.1

    Borked Pseudo Mailed, Nov 27, 2005, in forum: Computer Security
    Replies:
    11
    Views:
    1,270
    Anonymous via the Cypherpunks Tonga Remailer
    Nov 30, 2005
Loading...

Share This Page