Keyfiles

Keyfiles allow you to set another level of authentication for your containers, in addition to standard password protection. Keyfiles are (optionally) set during container creation or when adding a new password. You may choose one or several keyfiles to secure the container. BestCrypt processes its contents and generates a hash that is added to the encryption key. To mount a container encrypted with keyfiles, you needs to provide the correct container password as well as the set of keyfiles (the order does not matter).

Advantages of using keyfiles include:

Increased resistance against brute force attacks. An attacker cannot identify whether keyfiles were used to encrypt the container or not. He may try bruteforcing the password to no avail, but brutefrocing a password in addition to keyfiles will take a significantly longer time. Moreover, if keyfiles are not stored locally, it will be nearly impossible to succeed with a brute force attack.
Password strengthening. Additional hash resulting from processing keyfiles is used as salt.
Two-factor authentication. In addition to a standard password, you need to provide a set of files to access data inside an encrypted container. Keyfiles may be stored on the local machine, on USB or even in cloud storage, which gives additional advantages.

BestCrypt's specially designed Keyfile Manager allows for easy adding and viewing of keyfiles. The Keyfile Manager is available by clicking the Key Files button in the advanced view of the Enter Password dialog:

If you add a folder, all files residing in that folder will be added -- but NOT subfolders. If you add a file to the folder later, it will be impossible to open the container until you delete the newly added files.

Practically any file can be used as a keyfile with one requirement: It should not be modified. Once a keyfile is modified (to be more exact, any bit of its first 1024 kilobytes), it becomes a new file, which means it will no longer allow you to open the container.

Keyfiles

See also: