Is your feature request related to a problem? Please describe.
Low quality passwords.
Describe the solution you'd like
Allow to create and/ or to use some random file, to be used as the password or in addition to the password.
Basically the program would make a SHA512 hash of the file and use it as the password or part of the password if the user also provides a password.
These should help to provide better security since is very difficult to have normal people to use really good passwords, but if some key file is used that would make the password wildly harder to crack.
Describe alternatives you've considered
It could be possible to allow to use "EMV Smart Cards" (Visa, Mastecard or Maestro) so that the debit/ credit card can be used as a key file but without calling too much attention and having real plausible deniability since almost everyone has a debit/ credit card, or those that have one aren't rare by any mean.
The idea is not new, and is used by VeraCrypt ( https://veracrypt.fr/en/EMV%20Smart%20Cards.html, https://veracrypt.fr/en/Keyfiles%20in%20VeraCrypt.html ). Apparently they did some trick to use Winscard.dll (Microsoft Personal Computer/Smart Card communication standard) present in Windows to bypass the problem with drivers of the different smartcards out there.
Of course people need to remember to update the EMV to a new card if the old is going to be discard. Also if the person looses the card they may loose access to the file, unless they have export that file and archive somewhere, it is not possible to import or delete, but one can export the file.
So EMV gives low security since anyone with access to the card can use it, but they need to know that person use it... and they need to know the password unless the person didn't use one.
Support to PKCS #11 (2.0 or later) standard [23] would be nice but is difficult to find people that even have those cards, and that would be obviously more suspect, but there is legit and common use for those cards like digital signatures.
These may or may not be a good investment of time. EMV should be very useful since those debit/ credit cards are everywhere in the world, the person will only need a smart card reader, that many have because it is needed to digitally sign documents with the national government provided ID card.
Is your feature request related to a problem? Please describe.
Low quality passwords.
Describe the solution you'd like
Allow to create and/ or to use some random file, to be used as the password or in addition to the password.
Basically the program would make a SHA512 hash of the file and use it as the password or part of the password if the user also provides a password.
These should help to provide better security since is very difficult to have normal people to use really good passwords, but if some key file is used that would make the password wildly harder to crack.
Describe alternatives you've considered
It could be possible to allow to use "EMV Smart Cards" (Visa, Mastecard or Maestro) so that the debit/ credit card can be used as a key file but without calling too much attention and having real plausible deniability since almost everyone has a debit/ credit card, or those that have one aren't rare by any mean.
The idea is not new, and is used by VeraCrypt ( https://veracrypt.fr/en/EMV%20Smart%20Cards.html, https://veracrypt.fr/en/Keyfiles%20in%20VeraCrypt.html ). Apparently they did some trick to use Winscard.dll (Microsoft Personal Computer/Smart Card communication standard) present in Windows to bypass the problem with drivers of the different smartcards out there.
Of course people need to remember to update the EMV to a new card if the old is going to be discard. Also if the person looses the card they may loose access to the file, unless they have export that file and archive somewhere, it is not possible to import or delete, but one can export the file.
So EMV gives low security since anyone with access to the card can use it, but they need to know that person use it... and they need to know the password unless the person didn't use one.
Support to PKCS #11 (2.0 or later) standard [23] would be nice but is difficult to find people that even have those cards, and that would be obviously more suspect, but there is legit and common use for those cards like digital signatures.
These may or may not be a good investment of time. EMV should be very useful since those debit/ credit cards are everywhere in the world, the person will only need a smart card reader, that many have because it is needed to digitally sign documents with the national government provided ID card.