66
Keyfiles
Keyfile is a file whose content is combined with a password (for information on the method used to
combine a keyfile with password, see the chapter
Technical Details
, section
Keyfiles
). Until the
correct keyfile is provided, no volume that uses the keyfile can be mounted.
You do not have to use keyfiles. However, using keyfiles has some advantages:
•
May improve protection against brute force attacks (significant particularly if the volume
password is not very strong).
•
Allows the use of security tokens and smart cards (see below).
•
Allows multiple users to mount a single volume using different user passwords or PINs.
Just give each user a security token or smart card containing the same TrueCrypt keyfile
and let them choose their personal password or PIN that will protect their security token or
smart card.
•
Allows managing multi-user
shared
access (all keyfile holders must present their keyfiles
before a volume can be mounted).
Any kind of file (for example, .txt, .exe, mp3
*
, .avi) can be used as a TrueCrypt keyfile (however,
we recommend that you prefer compressed files, such as .mp3, .jpg, .zip, etc). Note that TrueCrypt
never modifies the keyfile contents.
You can select more than one keyfile; the order does not matter. You can also let TrueCrypt
generate a file with random content and use it as a keyfile. To do so, select
Tools -> Keyfile
Generator
.
Note: Keyfiles are currently not supported for system encryption.
WARNING: If you lose a keyfile or if any bit of its first 1024 kilobytes changes, it will be impossible
to mount volumes that use the keyfile!
Dostları ilə paylaş: