I don't think using a key file alone is secure.

bertilak wrote:
I've been using a password with KeePass and this discussion got me to try using a key file just to see how well it worked. I ran into what looks like problem ...

Epsilon Delta wrote:
Thousands of files means 10 to 20 bits of entropy. May as well just keep a strong password in a word document named after your third pet. If the attacker does not have access to your PC either one is safe, if they do have access either one is easily broken.

LadyGeek wrote:
Like TrueCrypt, KeePass can use a keyfile: Key Files
Instead of remembering a super secure password, let your data take care of the details. All you have to remember is that you've used Grandma's vacation picture. And don't lose the picture.
Or, any one of the thousands of files on your PC. Just be sure to have a backup somewhere.
When I open the locked file the unlock dialog has "key file" checked and the name and location of the file pre-filled! Even if I keep the file on external media (e.g. USB drive), giving away all the following seems pretty compromising:
- the fact that it is a key file and not a password that is in use
- the name of the file
- the path to the file tells what kind of media it is on
A key file + password - now that's like double authentication and much more secure than a password. I think the keyfile is really to prevent remote hacks like someone brute-forcing passwords against thousands of websites remotely - if your keyfile is local only, that usually adds a much higher level of protection than password only.