Re: Same password on every file? Secure?

Posted: Sat Dec 19, 2015 8:24 am
by paulej
The only good reason for using different passwords for each file is so that if somebody discovers one password, they can't gain access to every file. Personally, I don't worry much about that, since I use complex passwords of reasonable strength that I don't write down. But, I will use different passwords for different use cases, such as a backup file vs a file I email to somebody.

The passwords can be any length up to about 1024 characters, if I recall correctly. The password isn't the key, though. The password is hashed using SHA-256 about 8192 times to produce the 32 octet key used by AES. For backup files, I usually use passwords that are random with about 64 or more characters (using pwgen). Those get written down, though, as I can't remember them. For other files, I usually use 16 character passwords generated using Single Pass. I remember a really complex password and often use the file name as the "service name". Still others are just passwords I store only in my head of varying lengths.

You need a strong password, and I tried providing some guidance on the pwgen page. But another important consideration is "don't lose your password". There's no recovery from a lost password, unless it's weak and can be guessed easily.
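The post describes the password being hashed with SHA-256 about 8192 times to yield the 32-octet AES key. The following is an added illustration of that idea, not code from paulej or from the file encryption tool being discussed: the exact layout of the real derivation (whether and how a salt or IV is mixed in, character encoding, and so on) is not given in the post, so the `salt` parameter and the "re-hash the previous digest" loop shape are assumptions. It also computes the work a password guesser must do, which is what the iteration count and the password length are buying you.

```python
import hashlib

ITERATIONS = 8192  # iteration count as described in the post
KEY_LEN = 32       # 32-octet key, i.e. AES-256


def stretch_password(password: str, salt: bytes = b"", iterations: int = ITERATIONS) -> bytes:
    """Derive a 32-byte key from a password by iterated SHA-256.

    Hypothetical construction following the post's description: hash the
    (salt || password) bytes once, then re-hash the resulting digest
    repeatedly so that the total number of SHA-256 invocations equals
    `iterations`. The real tool may arrange salt/IV and encoding differently.
    """
    if iterations < 1:
        raise ValueError("iterations must be at least 1")
    digest = hashlib.sha256(salt + password.encode("utf-8")).digest()
    for _ in range(iterations - 1):
        digest = hashlib.sha256(digest).digest()
    return digest[:KEY_LEN]


def guessing_work(charset_size: int, length: int, iterations: int = ITERATIONS) -> int:
    """Upper bound on SHA-256 invocations needed to try every password of the
    given length over a charset of the given size. Iteration stretches the
    cost of each guess linearly; password length grows it exponentially."""
    return (charset_size ** length) * iterations


def compare_work(short_len: int, long_len: int, charset_size: int = 62) -> float:
    """How many times more work a long password demands than a short one,
    at the same iteration count (constructed comparison, base-62 alphabet
    like the letters and digits pwgen emits)."""
    return guessing_work(charset_size, long_len) / guessing_work(charset_size, short_len)


if __name__ == "__main__":
    # Constructed sample passwords; real ones should never appear in source.
    key_a = stretch_password("correct horse battery staple")
    key_b = stretch_password("correct horse battery stapl3")
    print("key A:", key_a.hex())
    print("key B:", key_b.hex())
    print("keys differ:", key_a != key_b)
    print("work for 16-char vs 8-char, base 62: %.3g x" % compare_work(8, 16))
```

The loop makes the second call with a different password produce an unrelated key, and the `iterations` argument lets you see that one iteration reduces to a plain `sha256(password)`; the stretching only multiplies the cost per guess by the iteration count, so it complements rather than replaces a long password.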