Password and encryption key: what is more secure?
Passwords are notoriously vulnerable to attacks. (See Alfred J. Menezes, Paul C. Van Oorschot and Scott A. Vanstone. Handbook of Applied Cryptography, CRC Press, 1996; Bruce Schneier. Applied Cryptography: Protocols, Algorithms and Source Code in C. John Wiley and Sons, Inc., second edition, 1996) Users often have weak passwords because strong passwords are long and hard to remember.
Furthermore, password protection weakens with the passage of time and improvements in computer performance: attackers can rely on faster and faster computers for guessing passwords, while user memory does not seem to expand, and passwords do not seem to get longer. This is why if you need secure encryption of your data but do not want to remember such a daunting passwords as s38.G\R^[email protected]*h](k#, then the most reliable way for you is to use the user’s encryption key. In this case you have to pay for security because you need to keep the encryption keys on the floppy disk and insert the floppy disk into the FDD every time you want to decrypt the data.