Thanks. I would use a PIM, but that would be yet another thing to remember, even though it’s just 3 numbers.
As far as hiding keyfiles, you would also need to remember where you place them, and if you type where they are located somewhere, that is a single point of failure... so I have to think about how to sort this out in a way that is manageable. For now, securing keyfiles inside FDE copies of Linux is it, but I would need to think about how to put them somewhere in a random folder where they don’t stand out. Could you add a filename extension to them?
But in any case, aren’t these files easy to find by a reasonably sophisticated attacker? Kind of like how you can find VeraCrypt volumes with some software (haven’t tried it) that looks for randomness in files, and lists things that could be volumes (this is assuming they accessed your Linux FDE drive, that is).
And as far as the 64-bit key, the next time I make a volume, I will use 1024 there on the keyfile option, just as a good ol’ paranoid approach to max out all settings.
And when it comes to using actual, normal files (like an image) as keyfiles, I guess this is easy to hide, since they are just regular files, but they are not as strong as proper random data with a lot of entropy, like the keyfiles you can create with VeraCrypt... so I see this tradeoff of choosing between files that look like something encryption-related (a proper random keyfile) vs. a regular keyfile that is just a regular file and easy to hide.
For cloud storage, any free email provider with reasonable features or any cloud storage service, I guess, could do to store keyfiles, since they are useless by themselves, and then in a completely separate service, you can host the encrypted volumes, which are also useless without the keyfiles (and obviously, the passwords), where you may potentially need to pay if you host a lot of data.
In this context, do you recommend any cloud storage services? Ideally, if you could pay in crypto it would be best. And it would be even better if you can buy a lifetime plan so you aren’t worried about how if you forget to pay they may delete your files or something.
I don’t need a ton of space, since it’s just documents, but now, having learned about keyfiles, I’m more confident about hosting data online for a potential scenario in which you may lose all your data, like a flood, fire or whatnot, so I was looking into how to clone your encrypted drive, which has a password, and then put it inside an encrypted VeraCrypt volume, which has another password, which also requires a keyfile, which is hosted in another cloud storage, both cloud storage accounts having different passwords. I think this is a reasonable solution to store data without having to rely on a physical location, which at the end of the day is one big single point of failure.