Passwords and Keys
A password, or rather a passphrase, is the most commonly used type of key. Its usage is pretty obvious and does not need any explanation. The main problem with passwords derives from human imperfection – simple and short passwords are easy to guess; long and complex ones are easy to forget. There are also several less obvious pitfalls – check our article How to Choose a Good Password for a few tips.
Ciphers can’t use textual passwords; a password first needs to be converted to a binary form (which is called a hash or digest). It seems logical to skip the conversion step, i.e. to produce a binary code and use it directly as a key.
Kryptel and Silver Key packages include a small program that generates a unique binary value and stores it in a file. The user can then copy the key file to a flash stick and insert the stick instead of typing a password.
Binary keys are strong, reliable, and very easy to use. The downside is that a binary key is also very easy to steal – copying its tiny file takes just a couple of seconds.
See also Binary Key Primer.
Yubikey is a specialized USB device that looks like an ordinary flash stick. It is in fact an improved version of a binary key, one which can’t be copied (but can still be stolen). There is also a disadvantage – Yubico asks $20 for the basic Yubikey model. See What Is Yubikey for more information on Yubikeys.
A composite key, as its name implies, is composed of two or more simple keys. In order to access the data, the user must provide all the parts of the composite key.
While it may look like a needless complication, it is not. Adding a password to a binary key or to a Yubikey will minimize the damage if the key gets stolen or lost.
The Kryptel and Silver Key password dialog directly supports only two simple forms of composites: password + binary key and password + Yubikey. With Password Manager you can create any kind of composite consisting of any number of simple keys.
Similar to a composite key, a key group consists of several simpler keys. In order to access the data, the user must provide any one of the component keys (compare this to a composite key, where the user must provide all the components).
A key group is especially useful in a situation where different subkeys have different access rights. For example,
- John’s password allows creation of a new encrypted container and adding files to it, but does not give the right to look inside it,
- Susan can browse and decrypt data but can’t encrypt,
- Kevin has full access.
A key group may include any number of simple keys and composite keys, but not another key group.
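The difference between a composite key (all parts required) and a key group (any one member is enough) can be shown in a few lines. This is an added example, not Kryptel or Silver Key code: the PBKDF2 derivation, the length-prefixed hash and the XOR-masked slots are assumptions chosen for illustration and do not describe the products' actual formats.

```python
import hashlib, hmac, os

def password_key(password, salt):
    # Textual password -> 32-byte binary key (PBKDF2 is this example's choice).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def composite_key(parts):
    # ALL parts are needed: each is length-prefixed and hashed in order,
    # so a missing, wrong or reordered part gives a different key.
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()

def _prf(key, label, group_id):
    return hmac.new(key, label + group_id, hashlib.sha256).digest()

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def make_group(member_keys, data_key):
    # One slot per member: a check value plus the 32-byte data key masked
    # with a pad derived from that member's key and a fresh group id.
    group_id = os.urandom(16)
    slots = [(_prf(k, b"check", group_id), _xor(data_key, _prf(k, b"wrap", group_id)))
             for k in member_keys]
    return group_id, slots

def open_group(group, member_key):
    # ANY ONE member key recovers the data key; an unknown key gets None.
    group_id, slots = group
    check = _prf(member_key, b"check", group_id)
    for tag, wrapped in slots:
        if hmac.compare_digest(tag, check):
            return _xor(wrapped, _prf(member_key, b"wrap", group_id))
    return None

if __name__ == "__main__":
    salt = b"constructed-salt"           # constructed sample values
    key_file = os.urandom(32)            # stands in for a binary key file
    pw = password_key("correct horse battery", salt)
    both = composite_key([pw, key_file])
    data_key = os.urandom(32)
    group = make_group([both, password_key("second member", salt)], data_key)
    print(open_group(group, both) == data_key)   # composite member opens it
    print(open_group(group, pw))                 # password alone is not enough
```

Because the group's first member is itself a composite key, a stolen key file or a guessed password on its own opens nothing, which is the damage-limiting property described above.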
See also: Password Manager.