veracrypt keyfile size security question

[drugo]

hi

may i ask a question about veracrypt keyfile size?

 

i was used to use truecrypt ,it can generate a random keyfile about 64 bytes

 

instead veracrypt can generate a random keyfile about 64 bytes and 1048576 bytes , instead it create a keyfile about 1mb

 

now my questions 

1)

is it more secure the veracrypt 1048576 bytes then the 64bytes ?

 

2)

is more secure the veracrypt 1048576 bytes keyfile in case of brute force

 

thanks

best regards

[+BudMan MVC]

you do understand any file you have on your system can be used as a keyfile..  Doesn't even have to be created by the software... It only looks at the 1st meg of the file for performance issues with large files...  If your worried, use multiple key files..

 

The file is used in hashing functions.. 

 

https://veracrypt.codeplex.com/wikipage?title=Keyfiles

The keyfile pool content (in addition to being hashed using CRC-32) is applied to the password, which is then passed to the header key derivation function PBKDF2 (PKCS #5 v2), which processes it (along with salt and other data) using a cryptographically secure hash algorithm selected by the user (e.g., SHA-512). The resultant values are used to form the header key and the secondary header key (XTS mode).

 

To keep your tinfoil hat nice and secure on your head.. Yes use as large of files as possible, I would use 512 different key files all over your system - just to be sure!!

[drugo]

  On 09/01/2016 at 14:02, BudMan said:

you do understand any file you have on your system can be used as a keyfile..  Doesn't even have to be created by the software... It only looks at the 1st meg of the file for performance issues with large files...  If your worried, use multiple key files..

 

The file is used in hashing functions.. 

 

https://veracrypt.codeplex.com/wikipage?title=Keyfiles

The keyfile pool content (in addition to being hashed using CRC-32) is applied to the password, which is then passed to the header key derivation function PBKDF2 (PKCS #5 v2), which processes it (along with salt and other data) using a cryptographically secure hash algorithm selected by the user (e.g., SHA-512). The resultant values are used to form the header key and the secondary header key (XTS mode).

 

To keep your tinfoil hat nice and secure on your head.. Yes use as large of files as possible, I would use 512 different key files all over your system - just to be sure!!

Expand  

hi

may i ask few questions?

1)

 

  Quote

you do understand any file you have on your system can be used as a keyfile.

Expand  

what do you mean ? can i use an mp3 or a song bought & downloaded via itunes ?

 

from veracrypt

  Quote

The user can use any kind of file as a VeraCrypt keyfile.

Expand  

2) is it a veracrypt feature ? because for years i have used truecrypt and i could not use any files

 

 

3) my real question was related between the keyfile generated by truecrypt and veracrypt 

truecrypt can generate a keyfile pool not more bigger then 64bytes

veracrypt can generate a keyfile pool about 1048576 bytes

in case of bruteforce ,is the veracrpt 1048576 bytes  keyfile pool stronger then truecrypt 64bytes  ?

 

thanks a lot

sorry for my poor english

[+BudMan MVC]

you can use any file!!  Did you read what I linked too?

 

"The user can use any kind of file as a VeraCrypt keyfile."

 

Truecrypt has always had keyfiles as well from my understanding - https://www.truecrypt71a.com/documentation/keyfiles/

"Any kind of file (for example, .txt, .exe, mp3*, .avi) can be used as a TrueCrypt keyfile (however, we recommend that you prefer compressed files, such as .mp3, .jpg, .zip, etc). Note that TrueCrypt never modifies the keyfile contents."

 

If you use the keyfile gen in truecrypt, it would seem that yes it always just 512bits in length.  You can use multiple keyfiles if you want, even ones you generate.

 

AS to bruteforce with the use of keyfiles, while you could in theory brute force it, the level of entropy that is added with the use of a random keyfile would make that pretty much inconceivable with current levels of computing... But quantum computers are not that far off..  If your keyfiles are compromised then that entropy is lost, and now they only need to bruteforce your password..  Which you would hope is strong as well if your going to be using keyfiles.

 

To be honest I find these sorts of discussions kind of pointless, for anything other than theory of discussion.. Your not storing freaking nuke launch codes for gosh sake..  What could you possibly be encrypting that would require such level of encryption that it would take supercomputers to break?  The basic level of encryption that these sorts of tools provide with just a good password is more than strong enough for any sort of home use, or even most likely company use.. Unless your working for the gov, dod, etc.. 

 

To be honest more than likely all that is going to happen when home users encrypt their stuff is they are going at some point lock themselves out.. Use of mp3 file for example, that they update the meta info on that would change the contents of the keyfile.. Your stuff is gone!!  Unless you have an unaltered copy of that keyfile, etc.  User always end up forgetting their password, or looking their certs, or forget to create a backup of the certs, etc. etc..

 

What exactly do you have on your home computer that actually warrants encryption?  Who is going to have access to this data, and if they have access - what would be the consequences of said access.  Does it warrant the extra overhead and logistics in the use of encryption?  Your secret family recipe for cookies?  Your Resume - your taxes?  To be honest the only thing that warrants any sort of encryption would be something that is storing your passwords

 

[drugo]

  On 17/02/2016 at 15:14, BudMan said:

What exactly do you have on your home computer that actually warrants encryption?  Who is going to have access to this data, and if they have access - what would be the consequences of said access.  Does it warrant the extra overhead and logistics in the use of encryption?  Your secret family recipe for cookies?  Your Resume - your taxes?  To be honest the only thing that warrants any sort of encryption would be something that is storing your passwords

 

Expand  

hi

  Quote

Your secret family recipe for cookies

Expand  

 

BudMan , how i said my english is poor ok

my question is related to curiosity , i don't encrypt my drives , in the past i had only 1 file container

 

seeing truecrypt is no more developed , or at least i haven't seeing updates , the natural compare is with veracrypt

 

now , i just read around about the veracrypt 1048576 bytes keyfiles

and I was (am )wondering the profit to have a keyfile of 1048576 bytes compared to truecrypt

 

the natural question is brute force???

 

that's all

thanks