6

I am planning on creating a text file to store my passwords, so I only need to remember 1 password (at the moment, I have about 20 long/complex passwords in my mind, and am worried that I might forget 1 or more of them).

If I create a text file, store the passwords in that text file, move that text file to a usb stick, and encrypt the usb stick with EncFS.

  1. If the usb stick gets stolen, how secure is the usb stick?
  2. If the method above can be secured further, how would I do that?

I'm guessing no solution exists at the moment to prevent brute force attacks from future possible quantum computers. If no, I am looking for the next best solution.

one
  • 1,781
  • 3
  • 18
  • 46
oshirowanen
  • 705
  • 3
  • 10
  • 21
  • 7
    The solution already exists, you don't need to reinvent the wheel. Use a reputable password safe. – Rory Alsop Apr 13 '14 at 15:48
  • If those passwords ever are used to authenticate to websites on the Internet, the discussion on quantum computers are moot. Even if you use quantum-resistant crypto on your USB stick, you're still sending them out over non-quantum resistant crypto to the websites. – Matt Apr 14 '14 at 01:28

5 Answers5

13

Actually quantum computers are not that much a threat for symmetric encryption. To put it in simple (and somewhat simplistic) terms:

  • A quantum computer, if it ever exists, will totally break the most used asymmetric encryption and key exchange algorithms (RSA, ElGamal, Diffie-Hellman...) but not all asymmetric algorithms (QC does not break the concept of asymmetric encryption, only some of its incarnations).

  • For symmetric encryption, key space exhaustive search is faster, but still expensive. Roughly speaking, an n-bit key offers resistance 2n/2 against a QC (compared to 2n for a classic computer).

In the context of password-based encryption of a file, where the key is (derived from) a password, you are in the "symmetric" world, so if you fear quantum computers then it "suffices" that you choose a password with twice as much entropy. Say, aim for 120 bits of password entropy, and you should be all fine. See this answer for examples of password entropy calculations.

One may say that quantum computers do not actually exist (not "true" QC, the kind which can eat RSA at breakfast), and when they exist (if that ever happens) then they will be very expensive at first. Someone who can afford the few billions of dollars for a working QC is unlikely to be interested in your passwords.


Anyway, unless it was done with inordinate incompetence, the symmetric encryption will be the strongest point of the system, not the weakest. Any encryption relies on some software, somewhere, which does the encryption and the decryption. That will be the weak point; malware and key loggers are a much more plausible threat than an attacker who somehow obtained your USB stick and decides to attack the encryption upfront. More probably, such an attacker would write some nasty virus on the USB stick and put it back in your pocket.

(Which is a way to say that this is not a game: there are no rules between attacker and defender, and nothing compels the attacker to play nice and try to break the encryption only.)

Also, don't forget usability: keeping the attacker away from your passwords is fine; but don't lock yourself out. A USB stick is not the most reliable piece of hardware ever, and it can be lost. You should keep backups.

Thomas Pornin
  • 322,884
  • 58
  • 787
  • 955
7

I have used a similar method in the past: I had a plain-text file containing my credentials and encrypted this with the Blowfish cipher.

Now I use KeePass, an offline password manager. I strongly recommend it, as it is

  1. Much more user friendly than an encrypted text file, and
  2. Much more secure than a text file encrypted just once (N = 1, see below). KeePass supports multifactor authentication and protection against keyloggers, just to name a few advantages.

The encrypted database containing my credentials are stored in a directory that's automatically backed up to Wuala, a secure file storage service, or you could use similar services like Dropbox, Google Drive or OneDrive.

I also recommend to use a key file, which is like a second, very strong password (at least 256 bits of entropy), and store this on a USB mass storage device (something you have). Combined with a strong master password (something you know), you've essentially set up a 2-factor authentication mechanism that's very difficult to break.

Be sure not to save the database and the key file in the same location. It is essential that you keep the key file secret, so on a medium that's on your person, and a backup (e.g. on paper) in a vault or similar secure location. If you lose the medium that the key file is stored on, you can simply use KeePass to generate a new key file, rendering the lost key useless. And even if an attacker could obtain the key file AND the database, the database is still protected with your strong master password.

KeePass makes it actually much more hard to break into the database by brute-force or dictionary attacks. It does this by encrypting the database not once, but many times. The recommendation is to set the number of rounds N so high, that decrypting the database takes 1 second on your system (on modern hardware N easily exceeds 10 million). This might not look much, and indeed it's not for day-to-day use, but for an attacker this will make the brute-force or dictionary attack take N times longer.

See KeePass Security for an explanation of all security features.

You can also use a YubiKey instead of the key file. KeePass supports the YubiKey through the OtpKeyProv plugin. In fact:

All generator tokens that follow the OATH HOTP standard (RFC 4226) are supported.

So you're not limited to a YubiKey.

Steven Volckaert
  • 1,193
  • 8
  • 15
0

There is a security analysis of EncFS which says that it can be attacked if the attacker gets hold of multiple versions of the ciphertext. Why not using gpg for encrypting the text file? Are you seriously planning to challenge an adversary that is capable of building a quantum computer? That sounds pretty ridiculous. With 0.001% of the money I need to build that computer I can hire a professional team that gets your secret data, be it by spear phishing, violence, whatever...

kaidentity
  • 2,634
  • 14
  • 31
-1

A good encryption method like AES or RSA is more than enough. Nothing is 100% secure, but using RSA-1024 or RSA-2048 should be enough.

  • 2
    Actually the industry is actively trying to move away from RSA-1024 and recommendations are to use at least 2048 bits to be safe in the mid to long term. – Karol Babioch Apr 13 '14 at 12:49
  • 1) RSA is not useful here, since we need symmetric password based encryption 2) Picking an algorithm is easy, actually building something something secure from low level crypto like AES is hard. – CodesInChaos Apr 14 '14 at 12:30
-3

I recently created a "tool" (file) called Bobsie-Crypter to finally get rid of the same problem, you can find it here:

https://github.com/getting-started-net/Bobsie-Crypter

It is basically just an html file with some interface for easy handling and it encrypts the data with AES. It is not ultra super NSA proof yet, but it does a good job.

Skippy
  • 1