Question: How secure is storing the secret.tomb file along with the key file relying only on password? #455
(Not sure if submitting an issue is the right place to ask this, feel free to direct me elsewhere) I'm trying to understand what the purpose of a separate key is in the implementation of tomb. The README states that "one always needs both the tomb and the key, plus its password, to access [the data in the tomb]." Does this mean that if the attacker has both the secret.tomb file and the secret.tomb.key file but not the password, they would still be unable to access the data? The reason I'm confused by this is that if this were true, couldn't we store the key and the .tomb file as one combined file? For example, we could use the first X bytes to store the key. Then the command
wouldn't be needed anymore. That would simplify the workflow for users, so I assume there's a reason we store the .tomb.key separately. Is there a security reason we store the key separately from the secret.tomb file, or am I missing something? Thanks!
Replies: 1 comment
The password does not provide enough entropy for reasonable security; an attacker gaining both tomb and key can brute force the password. Using the KDF extension, particularly Argon2, can help protect against brute-forcing, but it is not enough... Tomb exists also to discourage people from doing this. If you insist on doing this, then please know that the disk-encryption systems of GNU/Linux distros keep volumes and keys on disk, so perhaps use that.
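To make the entropy argument in the reply concrete, here is an added Python estimate (not code from Tomb or from this discussion) of the expected brute-force effort faced by an attacker who already holds both the .tomb and the .tomb.key and must guess the key's password; the per-guess KDF costs and core counts are assumed illustrative values, not measurements of GnuPG or Tomb's KDF extension.

```python
import math

# Added illustration, not Tomb's own code. Per-guess costs and core counts
# are assumed values for illustration, not measurements of Tomb's KDF.

def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a password drawn uniformly: length * log2(alphabet_size)."""
    return length * math.log2(alphabet_size)

def expected_crack_seconds(bits: float, seconds_per_guess: float,
                           parallel: int = 1) -> float:
    """Expected time to hit a uniformly chosen password: on average half of
    the 2**bits candidates are tried, split over `parallel` guessers that
    each pay `seconds_per_guess` of KDF work per attempt."""
    guesses = 2.0 ** bits / 2.0
    return guesses * seconds_per_guess / parallel

def human(seconds: float) -> str:
    """Render seconds as the largest convenient unit."""
    for unit, size in (("years", 365 * 86400), ("days", 86400), ("hours", 3600)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.0f} seconds"

# Assumed attacker and KDF models (constructed, illustrative).
FAST_KDF = 1e-6   # roughly a microsecond per guess: cheap hashing
ARGON2 = 1.0      # memory-hard KDF tuned to about 1 s per guess
CORES = 10_000    # parallel guessers of a well-funded attacker

def scenarios():
    """Return (label, expected seconds) pairs for the cases the reply compares."""
    weak = entropy_bits(26, 8)        # 8 lowercase letters, about 37.6 bits
    strong = entropy_bits(7776, 6)    # 6 diceware words, about 77.5 bits
    return [
        ("8 lowercase chars, fast KDF, 10k cores",
         expected_crack_seconds(weak, FAST_KDF, CORES)),
        ("8 lowercase chars, Argon2, 10k cores",
         expected_crack_seconds(weak, ARGON2, CORES)),
        ("6 diceware words, Argon2, 10k cores",
         expected_crack_seconds(strong, ARGON2, CORES)),
    ]

if __name__ == "__main__":
    for label, secs in scenarios():
        print(f"{label:42s} {human(secs)}")
```

Under these assumptions Argon2 moves a weak password from seconds to months, while a high-entropy passphrase moves it to geological time: the KDF slows the attacker, but only the password's entropy can put the key out of reach when it is stored next to the tomb.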