[Cryptography] Keeping backups (was Re: Separating concerns

Peter Gutmann pgut001 at cs.auckland.ac.nz
Thu Sep 5 21:44:47 EDT 2013


Phillip Hallam-Baker <hallam at gmail.com> writes:

>To backup the key we tell the device to print out the escrow data on paper.
>Let us imagine that there is a single sheet of paper which is cut into
>six parts as follows:

You read my mind :-).  I suggested more or less this to a commercial provider
a month or so back when they were trying to solve the same problem.
Specifically it was "if you lose your key/password/whatever, you can't call
the helpdesk to get your data back, it's really gone", which was causing them
significant headaches because users just weren't expecting this sort of thing.
My suggestion was to generate a web page in printable format with the key
shares in standard software-serial-number form (XXXXX-XXXXX-XXXXX etc) and
tell people to keep one part at home and one at work, or something similar,
and to treat it like they'd treat their passport or insurance documentation.

Peter.
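
The printable-share idea described above, as an added example that is not part of the original message. The 2-part XOR split, the base32 alphabet, the index/count header, the 2-byte checksum and all function names are assumptions made for illustration; the message only specifies dash-grouped codes kept in separate places.

```python
import base64
import hashlib
import secrets

GROUP = 5  # characters per dash-separated group (XXXXX-XXXXX-...)

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _encode(index: int, total: int, body: bytes) -> str:
    # Layout (assumed): share index, share count, share bytes, 2-byte checksum.
    raw = bytes([index, total]) + body
    raw += hashlib.sha256(raw).digest()[:2]
    text = base64.b32encode(raw).decode().rstrip("=")
    return "-".join(text[i:i + GROUP] for i in range(0, len(text), GROUP))

def _decode(code: str) -> tuple[int, int, bytes]:
    text = code.replace("-", "").replace(" ", "").upper()
    try:
        raw = base64.b32decode(text + "=" * (-len(text) % 8))
    except ValueError as exc:  # binascii.Error is a ValueError
        raise ValueError("not a valid share code") from exc
    if len(raw) < 5 or hashlib.sha256(raw[:-2]).digest()[:2] != raw[-2:]:
        raise ValueError("checksum mismatch, share was probably mistyped")
    return raw[0], raw[1], raw[2:-2]

def split_key(key: bytes, parts: int = 2) -> list[str]:
    """Split key into `parts` printable shares; every share is required."""
    if not key or not 2 <= parts <= 255:
        raise ValueError("need a non-empty key and 2..255 parts")
    shares = [secrets.token_bytes(len(key)) for _ in range(parts - 1)]
    last = key
    for pad in shares:
        last = _xor(last, pad)  # final share = key XOR all random pads
    shares.append(last)
    return [_encode(i, parts, s) for i, s in enumerate(shares, start=1)]

def recover_key(codes: list[str]) -> bytes:
    """Recombine typed-in shares, rejecting typos and incomplete sets."""
    decoded = [_decode(c) for c in codes]
    total = decoded[0][1] if decoded else 0
    if sorted(i for i, _, _ in decoded) != list(range(1, total + 1)):
        raise ValueError("missing or duplicate share")
    if len({(t, len(b)) for _, t, b in decoded}) != 1:
        raise ValueError("shares come from different keys")
    key = bytes(len(decoded[0][2]))
    for _, _, body in decoded:
        key = _xor(key, body)
    return key
```

With this split a single sheet on its own carries no information about the key, and losing either sheet makes the key unrecoverable, so the home/work copies are both needed.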

