It would be interesting if it was possible to require
two or three keyfiles. This opens possibilities such
as making it so that only a person carrying a particular
flashdrive/floppy logging into a particular omputer can
decrypt. Or you could require three people who hold
different keyfiles to all be present in order to decrypt.
A stern warning about what happens if they lose one of
the three keyfiles would be appropriate.
Also, now that we have a 64-bit vrsion, is there any
chance of an AES256 version? Yes, we all know that
128 bits are more than enough, but some organizations
require 256 bits:
"The design and strength of all key lengths of the AES
algorithm (i.e., 128, 192 and 256) are sufficient to
protect classified information up to the SECRET level.
TOP SECRET information will require use of either the
192 or 256 key lengths."
Source: "CNSS Policy No. 15, Fact Sheet No. 1 National
Policy on the Use of the Advanced Encryption Standard
(AES) to Protect National Security Systems and National
Nobody can remember a passphrase with 256 bits of
entropy, but creating a keyfile with 256 bits of
entropy is easy.
Log in to post a comment.