encrypted tapes (was Re: Papers about "Algorithm hiding" ?)

Steven M. Bellovin smb at cs.columbia.edu
Tue Jun 7 20:34:30 EDT 2005


In message <87ll5lloe1.fsf_-_ at snark.piermont.com>, "Perry E. Metzger" writes:
>
>
>The truth is, the likely reason no one encrypted the data on the tapes
>in transit was because no one thought to do it, or they were too lazy
>to bother to make even the simplest effort, or both.

I don't completely agree.  While I suspect that laziness or lack of thought
are the primary problems, there are some real costs.  The minor one is 
compression: most modern tape drives compress the data before writing, 
and you can't compress encrypted data.  That means they'd need to 
compress in software before writing to the tape; that chews up CPU time 
that they may not have to spare on the machines in question.  (Remember 
that we're talking about massive amounts of data here.)

The bigger issue, though, is more subtle: keeping track of the keys is 
non-trivial.  These need to be backed up, too, and kept separate from 
(but synchronized with) the tapes.  Worse yet, they need to be kept 
secure.  That may mean storing the keys with a different escrow 
company.  A loss of either piece, the tape or the key, renders the 
backup useless.  

Backups are not very reliable to start with.  Too few companies do 
regular checks on the adequacy or quality of their backups.  Most 
companies feel they can't afford lowering the reliability even further.

...

>The only thing that will fix this is having enough people get so badly
>burned that CEOs start taking heads when people do dumb things. I
>imagine it can't be too many more years before that becomes the case.
>
Bingo.  Especially the CEO's head -- or the CFO's head, or the general 
counsel's -- for some of the mistakes we've seen.  But there's no one 
cause.  For those who subscribe to the Wall Street Journal online, see
http://online.wsj.com/documents/info-idtheft0504.html?mod=technology_main_promo_left
for a chart of recent failures to protect identity data.  Of the 10 
failures for which a cause is listed, though, 4 were loss of tapes in 
transit.  (One was a shipment of tapes to a credit bureau.)  2 involved 
hacking, one was an inside job, one was a stolen laptop, and 2 were 
fraudulent use of logins and passwords.

		--Steven M. Bellovin, http://www.cs.columbia.edu/~smb



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
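
The two costs named in the message above (compression ordering, and a backup that is useless without its key), as an added example that is not part of the original post. Assumptions: zlib stands in for the tape drive's hardware compressor, a SHA-256 counter-mode keystream stands in for a real cipher, and all function names and sample records are constructed for illustration.

```python
import hashlib
import zlib


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher (SHA-256 in counter mode); illustration only."""
    out = bytearray()
    for counter, offset in enumerate(range(0, len(data), 32)):
        pad = hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def sample_backup(records: int = 20000) -> bytes:
    """Constructed sample data: repetitive fixed-format records."""
    return b"".join(
        b"%08d,ACCOUNT,ACTIVE,2005-06-07,USD,0000100.00\n" % i
        for i in range(records)
    )


def tape_sizes(key: bytes, plaintext: bytes) -> dict:
    """Bytes that reach the tape under each ordering."""
    compressed = zlib.compress(plaintext, 6)
    return {
        "plaintext": len(plaintext),
        # Cleartext handed to the compressor, as on an unencrypted tape.
        "compress_only": len(compressed),
        # Host encrypts first: the compressor sees random-looking bytes.
        "encrypt_then_compress": len(zlib.compress(keystream_xor(key, plaintext), 6)),
        # Host compresses in software, then encrypts: size kept, CPU spent.
        "compress_then_encrypt": len(keystream_xor(key, compressed)),
    }


def restore(key: bytes, tape: bytes):
    """Decrypt then decompress; returns None when the key does not match."""
    try:
        return zlib.decompress(keystream_xor(key, tape))
    except zlib.error:
        return None


if __name__ == "__main__":
    key = b"constructed-demo-key"
    data = sample_backup()
    for name, size in tape_sizes(key, data).items():
        print(f"{name:>22}: {size:>8} bytes")
    tape = keystream_xor(key, zlib.compress(data, 6))
    print("restore, right key:", restore(key, tape) == data)
    print("restore, wrong key:", restore(b"lost-or-wrong-key", tape))
```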


