crypto question

[Mike Brodhead]

> The usual good solution is to make a human type in a secret.

Of course, the downside is that the appropriate human must be present
for the system to come up properly.  

In some situations, the system must be able to boot into a working
state.  That way, even if somebody accidentally trips the power-- I've
had this happen on production boxen --the system outage lasts only as
long as the boot time.  If a particular human (or one of a small
number of secret holders) must be involved, then the outage could be
measured in hours rather than minutes.

Don't forget that Availability is also an important aspect of
security.  It all depends on your threat model.

--mkb



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com