This project has moved and is read-only. For the latest updates, please go here.

load keyfile(s) from archive

Topics: Feature Requests
Jul 13, 2016 at 8:52 PM
Hello, I just started using keyfiles with veracrypt and I liked the option to automatically create numerous keyfiles and then use whichever ones I wanted (attacker not knowing which keyfile(s) I through obscurity). However, after making a bunch of keyfiles and loading a container using a subset of the generated keyfiles, I noticed the access times of the relevant keyfiles were updated. This removes the "security by obscurity" aspect since a simple access time check will show the attacker which keyfiles I use to load my container. Not a huge deal from a security aspect but, imo, every little bit of security and obscurity help and it's hopefully an easy fix.

So, to address this issue, I think it would be very useful to have a "load keyfile(s) from archive" option (and, to make it a bit easier for people to utilize, a "create archive of keyfile(s) option"). This would update the access time of the entire archive (let's say .tar or .zip) but, it wouldn't allow anyone to know which keyfile(s) within the archive were accessed (I'm assuming. I'm not a zip nor tar expert).

As an added bonus, the "default keyfiles" location could be a .tar or .zip file with a checkbox to pull from within the archive instead of using the actual archive. When you try to load a container with default keyfiles set to pull from an archive it could display the contents of the archive allowing the user to select the actual keyfiles to use. This would allow the easy use of keyfiles, which is a huge security gain, without storing the actual files/path to be used (as it seems to do now with the default keyfiles option).

I'm sure I could think of some other benefits and/or use cases but this seems like a good place to start

Thanks for the consideration and thanks for the great software!