Encryption In-Depth: Keyfiles

You may have seen some applications that have encryption options such as Kepass or Veracrypt where you can create a "keyfile". But what is a keyfile and what is its purpose?A keyfile is a file with an encryption key that is randomly generated either by entering random text and numbers or moving a mouse around the key values that are generated are then outputted to a file used to decrypt the files. You can think of this as an alternative to a passphrase.See below for a screen-shot from Keepass which is a password manager. in the case of KeePass, you use your mouse to generate random values of up to 256bits. The idea is the random motion of the mouse will generate a good amount of entropy.Keyfiles can be used on their own or with another form of authentication such as a passphrase. This is my personal preference; however, I have a keyfile that is on a USB stick and is also a passphrase. The 2 combined are a great way to protect your data especially with something like a password manager. A keyfile can have any extension and it can also be hidden inside an image file (can you say sneaky stereography?)Like your private keys for your certificates, you want to guard the keyfile as this is essentially your private key you ideally want to have the keyfile separate from the database of files you are protecting.It is not a good idea to have the keyfile and the data on the same computer especially if this is the only way in which you are using to authenticate yourself.You may be a bit safer if you are using a passphrase as well as the keyfile. Keyfiles are used in a wide range of applications that have an encryption mechanism I recommend the use of keyfile along with a passphrase. Always remember to treat a keyfile as you would a private key for a certificate.You can find Keepass @ https://keepass.info/Find Veracrypt @ https://veracrypt.codeplex.comWritten by Sean Mancini at www,seanmancini.com