    How are the passwords and keys handled by Sentry 2020?

    Each volume is encrypted using a randomly generated key, which itself is encrypted using a user-supplied password. Random value generation utilizes parameters like mouse movement, timer, performance counters, etc., which are scrambled using the SHA1 hash algorithm. The randomly generated key is stored in a KEY file, encrypted with a user-supplied password and a randomly generated "salt" value stored in the same file. Volume encryption is performed on each 512-byte block independently. Before encryption, the contents of each block are scrambled using the number representing the position of the block in the volume. This is done so that two blocks with identical contents (for example, all zeros) will look totally different after encryption.
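
    An added illustration of the position scrambling described above (not Sentry 2020's code): the cipher is a stand-in 4-round Feistel built on HMAC-SHA1 rather than CAST-128, and XORing the sector number into each 64-bit chunk is an assumed form of the scrambling step, which the page does not specify. It compares two all-zero 512-byte blocks with and without that step.

```python
import hashlib
import hmac
import struct

SECTOR = 512  # volume block size stated on the page
CHUNK = 8     # CAST-128 works on 64-bit cipher blocks


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Round function of the stand-in Feistel cipher (NOT CAST-128).
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha1).digest()[:4]


def _cipher(key: bytes, chunk: bytes, decrypt: bool = False) -> bytes:
    left, right = chunk[:4], chunk[4:]
    for rnd in (range(3, -1, -1) if decrypt else range(4)):
        if decrypt:
            left, right = _xor(right, _f(key, rnd, left)), left
        else:
            left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def _mask(chunk: bytes, sector_no: int) -> bytes:
    # Assumed scrambling step: XOR the sector number into every chunk.
    return _xor(chunk, struct.pack(">Q", sector_no))


def encrypt_sector(key, sector_no, data, scramble=True):
    if len(data) != SECTOR:
        raise ValueError("sector must be 512 bytes")
    chunks = (data[i:i + CHUNK] for i in range(0, SECTOR, CHUNK))
    return b"".join(
        _cipher(key, _mask(c, sector_no) if scramble else c) for c in chunks)


def decrypt_sector(key, sector_no, data, scramble=True):
    chunks = (_cipher(key, data[i:i + CHUNK], decrypt=True)
              for i in range(0, SECTOR, CHUNK))
    return b"".join(_mask(c, sector_no) if scramble else c for c in chunks)


def identical_sectors_leak(key, scramble):
    # True when all-zero sectors 0 and 1 (constructed data) encrypt identically.
    a, b = (encrypt_sector(key, n, bytes(SECTOR), scramble) for n in (0, 1))
    return a == b
```

    Because the position is mixed in before encryption, a ciphertext block decrypted at a different position does not return the original contents.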

    What are the advantages of taking a key file away?

    To prevent attacks against poorly chosen passwords. If your choice of password is poor, someone can get to your data by guessing the password (if it's something obvious), or by finding it out using brute force (if it's too short). If you can select and remember a password long and unpredictable enough, then you don't have to worry about leaving the key file on disk. If you use a short or predictable password, or don't want to use a password at all, you can keep the key file with you (by placing it on removable media) to prevent attacks against the password.

    I lost my key file. Have I lost all my data?

    Yes. There are no backdoors. The key inside the key file is at least 128 bits long and is randomly generated. The encryption algorithms used are strong and there are no known attacks against them that would allow the extraction of the data.

    Encryption algorithms

    CAST-128 has been implemented as per: RFC 2144, "The CAST-128 Encryption Algorithm", Carlisle Adams, May 1997. The CAST-128 code has been validated against the RFC 2144 reference implementation test vectors.

