Author Topic: Using a file as the key instead of a master password  (Read 4818 times)

billybob
« on: February 23, 2006, 11:42:40 AM »
I really like the idea of adding in some protection against keyloggers.

How about doing what TrueCrypt does?  It gives users the option of locking with a password AND 1 or more keyfiles.  The important point is that the keyfile is chosen through a GUI using the mouse.  Even if your attacker got your password with a keylogger, he wouldn't know which keyfiles you used or even if you used keyfiles at all.

The keyfile only needs to be a few tens of bytes long so practically any old file you have lying around can be used.  It does add a bit more risk.  If the file ever gets corrupted, modified, or lost, it would be just like forgetting your password.  You have to choose your keyfile wisely.

This is a pretty nice compromise between speed and security.  It can be kind of slooow to hunt and peck your well chosen 20 character passphrase on a GUI keyboard.   ;)

BTW, info on this aspect of TrueCrypt I can only find in the PDF, pages 41-43.  But there are no pictures of this feature so you really have to try it to see what I mean.
« Last Edit: February 23, 2006, 10:50:59 PM by billybob »

Eric H. Jung
« Reply #1 on: February 23, 2006, 04:50:26 PM »
Hi Billybob,

I am familiar with TrueCrypt. Wonderful tool. Are you suggesting the ability to use a file as the key instead of a user-entered password?

-Eric
« Last Edit: February 23, 2006, 08:39:30 PM by Eric H. Jung »

billybob
« Reply #2 on: February 23, 2006, 07:49:47 PM »
Quote
> Hi Billybob,
>
> I am familiar with TrueCrypt. Wonderful tool. Are you suggesting the ability to use a file as the key instead of a user-entered password?
>
> -Eric

Hi Eric,

Not instead of, in addition to.  You would always have to enter the password.  But a user could choose to add one or more keyfiles to the encryption key.  My general thinking is that you are currently using 9 variables a user can choose to encrypt with, this would be a 10th.  Everywhere you ask for the master password, you could add a check box: 'Use keyfile' and a button: 'Choose keyfile'.

I don't know the details of TrueCrypt's implementation, but I assume that they are taking a hash of the first 1024 kB of the keyfile and using that as a key to be added in the mix.  Is this possible with PasswordMaker?

Eric H. Jung
« Reply #3 on: February 23, 2006, 08:42:56 PM »
Quote
> I don't know the details of TrueCrypt's implementation, but I assume that they are taking a hash of the first 1024 kB of the keyfile and using that as a key to be added in the mix. Is this possible with PasswordMaker?

Yes, this is definitely possible. However, I'm not sure why you'd use the hash of the first x bytes as the key instead of using the first x bytes themselves?

Tanstaafl/Tyrantmizar: can you guys add this to the FRL, "Ability to specify a file as the master password or as a secondary password." FYI, I'm splitting this post from its original location here to foster discussion.

-Eric
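
A sketch of the password-plus-keyfile scheme discussed in this thread, added here as an example; it is not code from PasswordMaker, TrueCrypt, or either poster. The 1024 kB prefix is the guess made in the thread, and SHA-256, HMAC, the function names and the sample files are assumptions of this example. It also shows one difference between hashing the prefix and using the first bytes directly: files of the same type often start with identical bytes.

```python
import hashlib
import hmac
from typing import Sequence

# Assumption taken from the thread ("first 1024 kB"); not TrueCrypt's documented limit.
PREFIX_BYTES = 1024 * 1024


def keyfile_digest(data: bytes) -> bytes:
    """Reduce one keyfile to 32 bytes by hashing only its leading PREFIX_BYTES."""
    return hashlib.sha256(data[:PREFIX_BYTES]).digest()


def keyfile_pool(keyfiles: Sequence[bytes]) -> bytes:
    """Fold one or more keyfiles into a single 32-byte value.

    Digests are sorted first, so the order in which the files were picked
    in the chooser dialog does not matter (a design choice of this sketch).
    """
    digests = sorted(keyfile_digest(k) for k in keyfiles)
    return hashlib.sha256(b"".join(digests)).digest()


def effective_secret(password: str, keyfiles: Sequence[bytes] = ()) -> bytes:
    """The password is always required; keyfiles are an optional second input."""
    pw = password.encode("utf-8")
    if not keyfiles:
        return hashlib.sha256(pw).digest()
    # HMAC keyed with the keyfile pool binds both inputs into one secret.
    return hmac.new(keyfile_pool(keyfiles), pw, hashlib.sha256).digest()


# Constructed sample data: two "photos" sharing a typical 20-byte JPEG/JFIF header.
JPEG_HEADER = bytes.fromhex("ffd8ffe000104a46494600010100000100010000")
photo_a = JPEG_HEADER + b"A" * 4096
photo_b = JPEG_HEADER + b"B" * 4096
corrupted_a = photo_a[:100] + b"\x00" + photo_a[101:]  # one byte changed

if __name__ == "__main__":
    print("raw first 20 bytes equal:", photo_a[:20] == photo_b[:20])
    print("hashed prefixes equal:   ",
          keyfile_digest(photo_a) == keyfile_digest(photo_b))
    print("survives 1-byte change:  ",
          effective_secret("pw", [photo_a]) == effective_secret("pw", [corrupted_a]))
```

The last line printed is the risk raised in the first post: a single modified byte inside the hashed prefix yields a different secret, so the keyfile must be kept unchanged and backed up.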

PasswordMaker Forums
