#144 KeyFile warning - data loss?

open
5
2008-07-19
2008-07-19
Anonymous
No

When using a keyfile other than the one generated by Axcrypt, there is a dialog box warning of possible data loss. None of the existing documents explains under what circumstances this data loss can occur.

In particular, if my keyfile contains 512 characters of uppercase hex data (0-9,A-F) am I in danger of data loss because of using this keyfile?

Discussion

  • Logged In: YES
    user_id=379999
    Originator: NO

    The warning about data loss is there and intentionally a bit obscure to scare you, because the circumstances where this may happen is a bit complicated.

    The main risk with this is that it might be an attempt to encrypt a file with itself
    as key-file, and also that it might be an axcrypted file, which is subsequently decrypted
    and due to the security features of AxCrypt, an re-encryption will never re-create an identical
    file. Both cases may result in data-loss.

    In your particular case, there is no danger as long as you do not encrypt your key-file with itself as a key...

     
  • I am curious about how AxCrypt combines keyfils and passphrases. I am going to assume random data (not the hex described above) to make the math easy. A 512-character keyfile has 4096 bits of data. Let's assume that I use such a keyfile with an 8-character (64-bit) random key. Further assume that an attacker obtains the keyfile. Does the encrypted file still have 64 bits of entropy? I am hoping to hear that AxCrypt feeds the keyfile and passphrase into a cryptographic hash (SHA-1?). So tell me, how exactly are the keyfile and passphrase combined?

     
  • Hello,

    AxCrypt essentially concatenates the passphrase with the contents of the keyfile, runs this through a key derivation function based on SHA-1. So, if you have 4096 bits from the keyfile, and 64 from the passphrase and the passphrase is leaked, you're still using the full strength of the AES-128 algorithm - i.e. an attack is not made any easier by the fact that the passphrase is known.

    Looked at from the other end - the passphrase will not add any strength, but it will help if the keyfile is leaked since then you retain at least 64 bits of entropy.