Password and Key File: Something you know and something you have

Two-factor authentication (2FA) or multi-factor authentication (MFA) has long been used by bank cards (knowledge: PIN; possession: card) and is also used by some web applications. It also plays a (minor) role in encryption: the now-discontinued program TrueCrypt, like its successor VeraCrypt, allowed the use of key files in addition to passwords.

The Weakness of Passwords and the Strength of the Second Factor

If only passwords were good enough, the encryption would be fairly secure. Unfortunately, passwords are often very weak and almost never as strong as a randomly generated key. They are usually the weakest link in the encryption.

Key derivation functions mitigate this weakness, but they do not eliminate it.

As long as no outdated encryption algorithm is used, an attack on the key itself is practically impossible, whereas a dictionary attack on a password always has a realistic chance of success.

A random value of sufficient length that is required for decryption makes the scheme invulnerable to dictionary attacks: guessing the password alone is no longer enough.

Key Files for PEAs

You can either generate a file of random bytes (this is the recommended option) or select an existing file from the file system. A generated key file is 128 bytes in size.

Whichever file you choose, a Blake2b hash of the file is computed and combined with the key derived from the password using the HKDF scheme.
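The following is an added example, not PEA's own code, showing the two-factor derivation described above (random 128-byte key file, Blake2b hash of it, HKDF combination with the password-derived key) and why it defeats the dictionary attack discussed earlier: an attacker who guesses the password still lacks the 1024 random bits of the key file. Everything not stated on the page is an assumption and is labelled as such in the code: PBKDF2-HMAC-SHA256 stands in for PEA's unspecified password KDF, HKDF runs on HMAC-SHA256, the key-file digest serves as the HKDF salt with the password key as input keying material, and the info string, digest size and output length are arbitrary choices.

```python
"""Added example (not PEA's own code): combining a password with a key file.

Assumptions, not taken from the page: PBKDF2-HMAC-SHA256 as password KDF,
HKDF over HMAC-SHA256, key-file digest used as HKDF salt, password key as
HKDF input keying material, 32-byte digests/outputs, arbitrary info string.
"""
import hashlib
import hmac
import os
import secrets
import tempfile
from typing import Optional

HASH = "sha256"
HASH_LEN = hashlib.new(HASH).digest_size   # 32 bytes
KEY_FILE_SIZE = 128                         # size of a generated key file (from the page)
PBKDF2_ITERATIONS = 100_000                 # placeholder; PEA's real KDF and parameters are not stated


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 extract step: PRK = HMAC(salt, IKM); empty salt means HashLen zero bytes."""
    if not salt:
        salt = bytes(HASH_LEN)
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 expand step: T(i) = HMAC(PRK, T(i-1) || info || i), concatenated to `length`."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested length too large for HKDF")
    okm = b""
    t = b""
    counter = 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([counter]), HASH).digest()
        okm += t
        counter += 1
    return okm[:length]


def generate_key_file(path: str) -> bytes:
    """Write KEY_FILE_SIZE cryptographically random bytes to `path` and return them."""
    data = secrets.token_bytes(KEY_FILE_SIZE)
    with open(path, "wb") as f:
        f.write(data)
    return data


def key_file_digest(key_file_bytes: bytes) -> bytes:
    """Blake2b hash of the key file contents (32-byte digest size is an assumption)."""
    return hashlib.blake2b(key_file_bytes, digest_size=32).digest()


def password_key(password: bytes, kdf_salt: bytes) -> bytes:
    """Password-derived key. PBKDF2 is a stand-in for whatever KDF PEA actually uses."""
    return hashlib.pbkdf2_hmac(HASH, password, kdf_salt, PBKDF2_ITERATIONS, HASH_LEN)


def derive_master_key(password: bytes, kdf_salt: bytes, key_file_bytes: Optional[bytes],
                      info: bytes = b"pea-keyfile-example", length: int = 32) -> bytes:
    """Combine both factors with HKDF. Without a key file, only the password is involved,
    so the result is exactly what a dictionary attack on the password would recover."""
    pk = password_key(password, kdf_salt)
    salt = key_file_digest(key_file_bytes) if key_file_bytes is not None else b""
    return hkdf_expand(hkdf_extract(salt, pk), info, length)


if __name__ == "__main__":
    # Demo with a freshly generated key file in a temporary directory.
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "example.key")
        kf = generate_key_file(path)
        kdf_salt = secrets.token_bytes(16)          # per-archive salt, constructed here
        with open(path, "rb") as f:
            assert f.read() == kf                   # the stored file must never change
        k_with = derive_master_key(b"correct horse", kdf_salt, kf)
        k_other = derive_master_key(b"correct horse", kdf_salt, secrets.token_bytes(KEY_FILE_SIZE))
        k_none = derive_master_key(b"correct horse", kdf_salt, None)
        print("password + key file  :", k_with.hex())
        print("password + other file:", k_other.hex())
        print("password only        :", k_none.hex())
```

Because the key-file digest enters the extract step, a correct password combined with a different or missing key file yields an unrelated master key; this is the property that makes the key file's storage location (USB stick versus same device) matter.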

Be careful never to modify or delete the key file.

It matters a great deal where you store this file. If you store it on a USB stick that you insert before starting the PEA, then only you, as the holder of the stick, can decrypt the data.

If the key file is stored on the same device as the PEA, it still protects the data stored in the cloud.

If you have selected the "Default key file" option, the file is processed automatically whenever it is accessible. Otherwise, you must select the file each time you start the PEA. In the vast majority of cases, selecting the file manually provides little additional security.