Page 1 of 1

security for important storage

Posted: Wed Mar 18, 2020 7:17 am
by waldo

I encrypted a .txt file with AES-crypt with a password of 64 random characters generated on :

My file is stored in a few clouds accounts ... it contains the private keys to bitcoin investment.

Is my file secure from prying eyes ?

Re: security for important storage

Posted: Mon Mar 23, 2020 5:27 pm
by paulej

64 random characters is probably pretty good. Let's assume those were out of a character set of 16 characters (which appears to be what the site is using) and truly random. In that case, the bit entropy of your password can be computed as log2(16)*64 or 256 bits of entropy. See:*64

That should still be fine, since AES has a 256-bit key. It doesn't get stronger with more entropy on the password.

We have a page with computations like that here:

However, the bigger problem is using online tools. Can you trust that they are truly random? Can you trust they're not storing your data. As a general rule, I don't trust online sites like those, because you never know who is behind them and you don't know who is in the middle.

At the bottom of that page on Packetizer, there is a link to this page:

There, you can download several tools in a couple of languages (Perl and C) to generate random password. IMO, using any off-line tool is safer than an online tool. Of course, you need to trust where the software is coming from, but all the source code it published there so you can review it.

The larger topic is whether your data is secure online. I do store virtually everything online using AES Crypt. I have it entirely automated, where data I store on the NAS gets encrypted and uploaded to Amazon S3. Of course, I keep all the keys private. I have complete confidence the AES Crypt files cannot be broken, but security also depends on keeping your encryption key secret. What I do for that is encrypt the private key and do NOT store it in the same place as the other data.

Re: security for important storage

Posted: Tue Mar 24, 2020 9:15 am
by waldo
Thank you for the informative answer.

I personally have no problem using the GRC (Steve Gibsons) password generator.

I strongly believe the 64 character passwords created there are sufficient.

Knowing that your implementation of the AES is also correct, i'm sure my files are very safe.

Off course i keep the encryption key on a CD and on a USB stick (and on paper also) in a vault on 2 different locations (redundancy)

Excuse my grammar faults, but i'm Dutch (Flemish) speaking.

Re: security for important storage

Posted: Wed Mar 25, 2020 2:46 am
by paulej
Just keep the key on the physical media encrypted, too. You could use a password that you can more easily remember, but keeping it encrypted helps to protect the important key in case somebody gets it.

Re: security for important storage

Posted: Wed Mar 25, 2020 10:32 am
by waldo
I thought about encrypting the secret key also on the media i store it on also ...

But i dropped that idea. Because :

It's already in a vault on 2 different places (bank vaults, one i own myself, one of my parents)
i could forget the encryption key
i could pass away and my BTC keys are lost forever than
there is no software left to decrypt my files
the encrypted files become corrupted.

I don't fear physical attacks against my stored offline keys. That part is taken care off.

I only had fear about the online storage. But with AESCrypt this fear is no more needed.

I'm also a proud user of Truecrypt 7.1 and Bitwarden password manager. I run Linux Zorin Os.

There is a time that you have to place trust in places like bank-vaults etc..., to keep things reasonable (cost - benefit factor).

thanks Paul !