Quote from: damaged on October 07, 2012, 11:32 pmQuote from: StExo on October 07, 2012, 10:34 pmHowever, the use of keyfiles is also a massive plus and using some of them from a seperate USB drive which is also encrypted with another password is good, the password doesn't need to be as secure as the main one, but I still recommend 16 characters or more.I've never understood the value of using a key. Storing it on a thumb drive is as bad as writing down your password. If an adversary has physical access to your stuff, which is the only situation where disk encryption matters, then they can get your key. If you password protect the key, then your encryption scheme is only as good as that password, so you might as well use that password on the disk encryption itself.Keyfiles are effectively another password yes but are the longest possible password TrueCrypt supports. You're correct in saying it is like writing it down, but this is like 2 factor authentication, you must have something you know (the password you have in your head) plus something you have (the keyfile) and without both then it is not possible to access the data unless by something such as brute force, but to brute force just 1 keyfile plus a password, assuming you don't give up either of them is close to impossible. Even if they have your keyfile and know it is a keyfile to the encrypted volume, they still need the password in your head otherwise it'll be close to impossible to brute-force still until at least Quantum computers arrive, which is when we're really fucked.