encrypted tapes (was Re: Papers about "Algorithm hiding" ?)
Mark Allen Earnest
mxe20 at psu.edu
Tue Jun 7 21:19:07 EDT 2005
Steven M. Bellovin wrote:
> The bigger issue, though, is more subtle: keeping track of the keys is
> non-trivial. These need to be backed up, too, and kept separate from
> (but synchronized with) the tapes. Worse yet, they need to be kept
> secure. That may mean storing the keys with a different escrow
> company. A loss of either piece,the tape or the key, renders the
> backup useless.
Basically, expensive or not, security is very hard to get right. When
you look at Choicepoint, Bank of America, and Citigroup (not to mention
universities and smaller businesses) they have little to no incentive to
keep your personal data secure. YOU bear the cost of data compromise,
not them. The worst they get is some bad publicity and only if it
affects CA residents, otherwise it can be kept quiet. The threat of bad
publicity does not mean much when next week your compromise due to bad
security will be forgotten as the media switches to the next one.
As it stands today, the cost/benefit analysis easily directs them away
from taking strong measures to protect customer's financial data. Doing
so is time consuming, opens up potential for problems, and gets them
next to nothing in return.
--
Mark Allen Earnest
Lead Systems Programmer
Emerging Technologies
The Pennsylvania State University
Lt Commander
Centre County Sheriff's Office Search and Rescue
KB3LYB
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3200 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20050607/8ebe5093/attachment.bin>
More information about the cryptography
mailing list