
I use KeePass and VeraCrypt on my home computer. In addition to a strong password, I also use key files; for example, VeraCrypt lets you choose any file on your computer (mp3, jpeg, etc.) as the key. How then would I go about storing/backing up those keys? I found a few pages on this site, but they're all about company/enterprise-level storage; I'm looking for an average user solution.

I have a 1TB hard drive and a 64GB USB, both in really good condition. I'm also pretty good with batch/powershell scripting, so writing a backup script for the keys is not a problem.

I personally don't trust cloud storage, and my KP database and containers never leave my home computer.

My real threat is spyware/malware reading or somehow knowing the files I use as keys and transmitting that somewhere. I keep my PC updated, and I use A/V/MalwareBytes (which I also keep updated).

My real threats are probably local threats, such as unauthorized users, but it's only my family members (they have no idea how to use a computer other than the basics, so I'm not too worried). I also never leave my computer unlocked and unattended. What about burglaries?

1 Answer


Same as backing anything else up. Copy the key to removable storage and keep it somewhere secure. A couple of cheap flash drives would provide redundancy on one of the drives dying. If secure storage is an issue then encrypt this drive with a password.

Worth noting - where do you keep the original keyfile? Because if it's on the same drive as the encrypted volume, chances are losing one leads to losing both. I.e. backing up the key to a separate drive only makes a lot of sense if you back up the encrypted data too.

Hector
  • I have a USB drive, whenever I'm on the computer it's with. If not, it's unplugged, sitting in my home. Just wanted to know if there were any extra precautions I can take. –  Oct 17 '17 at 15:58
  • Well - if your key backup is solely to protect against failure of the drive then just get another drive large enough to have the keyfile, stick it on there and place it somewhere secure. Although if the keyfile always resides in the same property as the machine and the password is strong, unique to that volume and only known by you I question the benefit of the keyfile in the first place. – Hector Oct 17 '17 at 16:06
  • Mainly theft. Suppose someone got a hold of the drive during a break-in. They don't know the password or that I used a key as well. They could use brute-force, but that will take them forever ;). Extra precaution –  Oct 17 '17 at 16:10
  • OK - but again what does the keyfile gain you over a strong password? If they just steal the drive they don't even know that you used a password and if you did what derivation algorithm / how many rounds you used - leaving them having to brute force the entire keyspace either way. If they do know you used VeraCrypt then they know it can accept a keyfile - meaning it is just a constant factor more difficult to attempt a dictionary attack. A keyfile only really makes sense if it's not stored with the volume when not in use. – Hector Oct 17 '17 at 16:19
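
The backup step from the answer, written in PowerShell since the question mentions it. This is an added example, not part of the original posts: the function names, the `.sha256` sidecar file and the paths in the usage comment are hypothetical, and it assumes drive-lettered paths.

```powershell
# Added example: copy a keyfile to several removable drives and verify each copy.
$ErrorActionPreference = 'Stop'   # a failed copy aborts instead of continuing silently

function Get-Sha256([string]$Path) {
    (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
}

function Backup-KeyFile {
    param(
        [Parameter(Mandatory)][string]$KeyFile,        # the file used as the key
        [Parameter(Mandatory)][string]$Container,      # the encrypted volume / database file
        [Parameter(Mandatory)][string[]]$Destinations  # folders on the backup drives
    )
    $volumeDrive = Split-Path -Path $Container -Qualifier
    $sourceHash  = Get-Sha256 $KeyFile
    foreach ($dir in $Destinations) {
        # A key backup next to the volume is lost together with it.
        # (Drive letters only; two letters can still be one physical disk.)
        if ((Split-Path -Path $dir -Qualifier) -eq $volumeDrive) {
            throw "Destination '$dir' is on the same drive as the container."
        }
        if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
            New-Item -ItemType Directory -Path $dir | Out-Null
        }
        $copy = Join-Path $dir (Split-Path -Path $KeyFile -Leaf)
        Copy-Item -LiteralPath $KeyFile -Destination $copy -Force
        # Re-read the copy: a keyfile that differs by one bit no longer unlocks anything.
        if ((Get-Sha256 $copy) -ne $sourceHash) {
            throw "Copy at '$copy' does not match the source keyfile."
        }
        # The reference hash lives on the backup media only, so nothing on the
        # working PC labels which mp3/jpeg is the key.
        Set-Content -LiteralPath "$copy.sha256" -Value $sourceHash -Encoding ascii
    }
}

function Test-KeyFileBackup {
    # Returns $true when a backup copy still matches the hash recorded beside it.
    param([Parameter(Mandatory)][string]$Copy)
    $expected = (Get-Content -LiteralPath "$Copy.sha256" -TotalCount 1).Trim()
    (Get-Sha256 $Copy) -eq $expected
}

# Usage (constructed paths):
# Backup-KeyFile -KeyFile 'C:\Music\song.mp3' -Container 'C:\Vault\data.hc' -Destinations 'E:\kb','F:\kb'
# Test-KeyFileBackup -Copy 'E:\kb\song.mp3'
```

Running `Test-KeyFileBackup` periodically catches a flash drive that has started to fail; comparing the working keyfile's hash against the recorded one also shows whether a media player or photo tool has rewritten the file's metadata.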