Thanks, goatpig. Thats very helpful.

The use of Scrypt is re-assuring (I do now remember setting a long unlock). So even if the machine were accessed and the disk encryption broken, the keys themselves would be secure for long enough for the coins to be safely moved using a back-up. Though at the loss of plausible deniability!

I agree that the choice of such a weak process seems "unsettling", especially for single use - I can only imagine that 6 or 7 years ago (when I imagine 18 was being specced) it all seemed "good enough".