Re: Are key files better than passwords?
- From: Maaartin <grajcar1@xxxxxxxxx>
- Date: Sun, 28 Jun 2009 06:37:09 -0700 (PDT)
> why not rent a bankvault if you really have something worth protecting for 50 years
Are you kidding? Would you really trust any bank? For 50 years?
> Will key files guarantee me protection against brute force attacks for
> the next 50 years?
> is meaningless, and -
I disagree slightly. The question shows that he doesn't understand
much, but can be answered:
1. Yes: The amount of entropy in a 1kB key file is more than
sufficient until the universe collapses, provided the file is
generated really randomly.
2. No: For the guarantee you need to use it properly. For example,
with AES you use only 256 key bits, which may be enough for 50 years
or not.
3. No: For any guarantee you need some understanding of the subject.
> are only so many letters that can be used.
> is high class gibberish.
Right. But he probably means that using an alphabet means less
information.
That's obviously wrong: one letter contains less information than 1
byte, but a sufficiently long random passphrase is as strong as a
keyfile.
He only needs to know how long the passphrase should be in order to get
the 330 bits mentioned below.
> I am using Truecrypt with the AES algorithm and Whirlpool for this.
> The odds are VERY high that neither of those will last 50 years
IMHO, you'd need a very heavy weakness in the hash in order to get
problems with it in Truecrypt.
Maybe somebody'll correct me, but I can't imagine it could happen.
> if you hide the keyfile you thwart all
> brute force attacks because the keyfile will always be missing from the
> possible combinations.
You surely mean dictionary attacks.
> I am making the conclusion that the claims that certain algorithms make to
> be uncrackable it is actually bull*** then.
It depends on what uncrackable means.
Do you want me to give you all my passwords and PINs in an encrypted
file?
No problem, you can try to find somebody to crack it, but the cost'll
be much higher than the gain.
> I can not come up with a single thing that is worth preserving for 50 years
Neither can I, but I can easily imagine many things which I don't want
to be REVEALED, not even in 50 years.
> Straightening out your faulty concepts would take a long time
Sure, but he isn't going to be a cryptographer, just a user. So he
needs to know:
1. What program to use.
2. What options to use.
3. How to create the passphrase and/or the key file.
4. How to remember/store it.
My (surely not precise as I'm no expert at all) answer is:
1. Truecrypt.
2. For more security than 256 bits you need a cascade cipher.
3. This requires a long answer and good understanding. Start e.g. with
Diceware.
4. I can't imagine remembering a passphrase for 50 years.
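
Added example, not part of the original post: how long a uniformly random passphrase must be to reach the 256 and 330 bits discussed above, for plain alphabets and for Diceware, and why a 1kB key file is still capped by the cipher key size. The alphabet choices, the reading of "1kB" as 1024 bytes, and all function names are assumptions made for this illustration.

```python
import secrets
import string

ALPHABETS = {  # symbol sets a random passphrase might be drawn from (assumed)
    "lowercase letters": string.ascii_lowercase,                     # 26 symbols
    "letters and digits": string.ascii_letters + string.digits,      # 62 symbols
    "printable ASCII": string.ascii_letters + string.digits
                       + string.punctuation + " ",                   # 95 symbols
}
DICEWARE_LIST_SIZE = 6 ** 5  # 7776 words, one per outcome of five dice
KEYFILE_BYTES = 1024         # assumption: "1kB" read as 1024 bytes


def symbols_needed(target_bits: int, alphabet_size: int) -> int:
    """Smallest count of uniformly random symbols with >= target_bits of entropy.
    Uses exact integers: alphabet_size**n >= 2**target_bits."""
    n = 1
    while alphabet_size ** n < 2 ** target_bits:
        n += 1
    return n


def effective_bits(secret_bits: int, cipher_key_bits: int = 256) -> int:
    """A secret is never stronger than the key derived from it (single cipher)."""
    return min(secret_bits, cipher_key_bits)


def random_passphrase(length: int, alphabet: str) -> str:
    """Draw every character independently from the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def diceware_rolls(words: int) -> list[str]:
    """Five-digit dice keys (digits 1-6) to look up in a Diceware word list."""
    return ["".join(str(secrets.randbelow(6) + 1) for _ in range(5))
            for _ in range(words)]


if __name__ == "__main__":
    for target in (256, 330):
        for name, chars in ALPHABETS.items():
            print(f"{target} bits, {name}: {symbols_needed(target, len(chars))} chars")
        print(f"{target} bits, Diceware: {symbols_needed(target, DICEWARE_LIST_SIZE)} words")
    keyfile = secrets.token_bytes(KEYFILE_BYTES)  # kept in memory, nothing is written
    bits = len(keyfile) * 8
    print(f"key file: {bits} bits of entropy, {effective_bits(bits)} effective with AES")
    print("sample:", random_passphrase(symbols_needed(330, 95), ALPHABETS["printable ASCII"]))
    print("dice keys:", " ".join(diceware_rolls(symbols_needed(330, DICEWARE_LIST_SIZE))))
```

The lengths only hold when every symbol or word is chosen uniformly at random; a passphrase a person makes up has far less entropy per character.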