Keyfiles
Keyfiles allow you to set another level of authentication for your
containers, in addition to standard password protection. Keyfiles are
(optionally) set during container creation or when adding a new
password. You may choose one or several keyfiles to secure the
container. BestCrypt processes its contents and generates a hash that
is added to the encryption key. To mount a container encrypted with
keyfiles, you needs to provide the correct container password as well
as the set of keyfiles (the order does not matter).
- Increased resistance against brute force attacks. An
attacker cannot identify whether keyfiles were used to encrypt the
container or not. He may try bruteforcing the password to no avail, but
brutefrocing a password in addition to keyfiles will take a
significantly longer time. Moreover, if keyfiles are not stored
locally, it will be nearly impossible to succeed with a brute force
attack.
- Password strengthening. Additional hash resulting from
processing keyfiles is used as salt.
- Two-factor authentication. In addition to a standard
password, you need to provide a set of files to access data inside an
encrypted container. Keyfiles may be stored on the local machine, on
USB or even in cloud storage, which gives additional advantages.
BestCrypt's specially designed Keyfile Manager allows for easy
adding and viewing of keyfiles. The Keyfile Manager is available by
clicking the Key Files button in the
advanced view of the Enter Password dialog:
Any file can be used as a Keyfile with one restriction: the file shouldn't be modified.
By modifying the file, a new file is created. This new file will no longer be recognized by BestCrypt,
denying access to the container.
See also:
Quick start guide
Basic concepts
Windows compatibility notes