encrypted tapes

Bill Frantz frantz at pwpconsult.com
Wed Jun 8 22:15:52 EDT 2005


On 6/8/05, perry at piermont.com (Perry E. Metzger) wrote:

>If you have no other choice, pick keys for the next five years,
>changing every six months, print them on a piece of paper, and put it
>in several safe deposit boxes. Hardcode the keys in the backup
>scripts. When your building burns to the ground, you can get the tapes
>back from Iron Mountain and the keys from the safe deposit box.

I think I would be tempted to keep a private key in those safe deposit boxes, and when writing the backup tape, pick a "random" (as best you can with the hardware and software available) session key, encrypt it using the public key, hard coded in the backup procedure, and write the encrypted result as the first part of the backup.  This procedure allows you to keep your secrets hidden away, at least until you need to use one of the tapes.

Cheers - Bill

IP note:  This technique is so obvious to any practitioner skilled in the art as to be non-patentable (except in the USA, where obviousness is no barrier).  In any case I put it into the public domain.

-----------------------------------------------------------------------
Bill Frantz        | gets() remains as a monument | Periwinkle 
(408)356-8506      | to C's continuing support of | 16345 Englewood Ave
www.pwpconsult.com | buffer overruns.             | Los Gatos, CA 95032
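
The scheme described in the reply above, sketched with the `openssl` command-line tool. This is an added example, not part of the original post. The function names, the RSA-3072 key size, the on-tape layout and the use of `openssl enc` (with the session key fed in as its passphrase) are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed tape layout:
#   [ RSA-OAEP-wrapped session key, WRAPPED_LEN bytes ][ AES-256-CBC ciphertext ]
# "openssl enc" gives confidentiality only; MAC or sign the tape separately
# if tampering must be detected.
set -eu
WRAPPED_LEN=384   # an RSA-3072 ciphertext is always 384 bytes

# One-time, offline: the private key is what goes into the safe deposit boxes.
make_keypair() (  # $1 = private key out, $2 = public key out
    umask 077
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:3072 -out "$1" 2>/dev/null
    openssl pkey -in "$1" -pubout -out "$2"
)

# Backup host holds only the public key. stdin = archive to back up.
write_tape() (    # $1 = public key, $2 = tape out
    umask 077
    tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
    openssl rand -hex 32 > "$tmp/session.key"   # fresh 256-bit key per tape
    openssl pkeyutl -encrypt -pubin -inkey "$1" -in "$tmp/session.key" \
        -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 -out "$tmp/wrapped"
    # Refuse to write a tape whose header is not the fixed size read_tape expects.
    [ "$(wc -c < "$tmp/wrapped")" -eq "$WRAPPED_LEN" ] || exit 1
    { cat "$tmp/wrapped"
      openssl enc -aes-256-cbc -pbkdf2 -pass "file:$tmp/session.key"; } > "$2"
)

# Recovery: needs the private key from the box. stdout = restored archive.
read_tape() (     # $1 = private key, $2 = tape in
    umask 077
    tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
    head -c "$WRAPPED_LEN" "$2" > "$tmp/wrapped"
    openssl pkeyutl -decrypt -inkey "$1" -in "$tmp/wrapped" \
        -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 -out "$tmp/session.key"
    tail -c +"$((WRAPPED_LEN + 1))" "$2" |
        openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$tmp/session.key"
)
```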

---------------------------------------------------------------------
The Cryptography Mailing List