encrypted tapes

Dirk-Willem van Gulik dirkx at webweaving.org
Thu Jun 9 05:34:38 EDT 2005



On Wed, 8 Jun 2005, Perry E. Metzger wrote:

> Dan Kaminsky <dan at doxpara.com> writes:

> > Yes, because key management is easy or free.

Eh - my experience is that that is where 99% of the cost is - in the whole
human procedures and vetting around it. The paperwork, the auditing,
dealing with corporate power shuffles, getting 'hard' retention rules out
of the responsible people and their conflicting advisors, etc.

> If you have no other choice, pick keys for the next five years,
> changing every six months, print them on a piece of paper, and put it
> in several safe deposit boxes. Hardcode the keys in the backup

We've been doing systems much like this; with the added twist that a) data
is keyed to a key matching how long its retention policy is, b) every
month or so certain private keys are destroyed as the data keyed to them has
reached its limit and c) they are stored (with a recovery scheme) on
tamperproof Dallas iButtons (which have a reliable clock) to make the
issues around operations (destroy at the right time) and trust (no need to
trust the key maker).

> Er, no. An error in CBC wipes out only the following block. Errors do
> not propagate past that in CBC. This is not especially worse than the
> situation right now.

And in actual practice we do not see this in the real world. We -do- see
serious issues with the compression used inside the drives though.
Specialists can help you - and the data you get back from them can then be
decrypted. The fact that it is opaque is not a problem for those recovery
experts.

Dw.
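
The retention-keyed scheme described in the message above, sketched as an added example that is not part of the original post or the poster's system. `RetentionKeyStore` and its methods are hypothetical names; as assumptions, one symmetric key per expiry month stands in for the private keys on the token, and an HMAC-SHA256 counter-mode stream stands in for a real cipher so the block runs on the standard library alone.

```python
import hashlib, hmac, secrets
from datetime import date

def _prf(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode, stdlib only.
    blocks = (_prf(key, nonce + i.to_bytes(8, "big")) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

class RetentionKeyStore:
    """Hypothetical store: one key per expiry month; destroying it expires the data."""

    def __init__(self):
        self._keys = {}  # (year, month) of expiry -> 32-byte master key

    @staticmethod
    def bucket(written: date, retention_months: int):
        # Data is keyed to the month in which its retention period ends.
        m = written.year * 12 + (written.month - 1) + retention_months
        return (m // 12, m % 12 + 1)

    def seal(self, data: bytes, written: date, retention_months: int) -> dict:
        b = self.bucket(written, retention_months)
        key = self._keys.setdefault(b, secrets.token_bytes(32))
        nonce = secrets.token_bytes(16)
        ct = _xor_stream(_prf(key, b"enc"), nonce, data)
        # Separate subkeys for encryption and integrity, encrypt-then-MAC.
        return {"bucket": b, "nonce": nonce, "ct": ct,
                "tag": _prf(_prf(key, b"mac"), nonce + ct)}

    def open(self, rec: dict) -> bytes:
        key = self._keys.get(rec["bucket"])
        if key is None:
            raise KeyError(f"key for expiry {rec['bucket']} was destroyed")
        if not hmac.compare_digest(rec["tag"], _prf(_prf(key, b"mac"), rec["nonce"] + rec["ct"])):
            raise ValueError("record failed integrity check")
        return _xor_stream(_prf(key, b"enc"), rec["nonce"], rec["ct"])

    def purge(self, today: date) -> list:
        """Monthly job: destroy every key whose expiry month is over."""
        dead = sorted(b for b in self._keys if b < (today.year, today.month))
        for b in dead:
            del self._keys[b]  # a hardware token would erase the key itself
        return dead
```

Removing a dictionary entry does not wipe the key from process memory; in the setup described in the message that step belongs to the tamperproof token and its clock.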

---------------------------------------------------------------------
The Cryptography Mailing List