encrypted tapes

dan at geer.org dan at geer.org
Fri Jun 10 16:51:11 EDT 2005


On 6/8/05, perry at piermont.com (Perry E. Metzger) wrote:
-+------------------------------------------------------
 | If you have no other choice, pick keys for the next five years,
 | changing every six months, print them on a piece of paper, and put it
 | in several safe deposit boxes. Hardcode the keys in the backup
 | scripts. When your building burns to the ground, you can get the tapes
 | back from Iron Mountain and the keys from the safe deposit box.
 | 


Assuming I even understand the problem,
this is, in fact, one of the wonderful
uses of split-key (threshold) crypto;
including scale-down to the individual
desktop.

split K as 2-of-3 quorum
   (1) smartcard
   (2) laptop
   (3) corp server

encrypt disk using K (or another key protected by K, of course)

situations handled
   (a) Dan offline inside Faraday cage, use frags 1,2 to do work
   (b) fire Dan / confiscate laptop, use frags 2,3 to read disk
   (c) Dan leaves laptop in cab, use frags 1,3 to recover from backup

We can (for backup tapes) make 2-of-N
splits.  This would allow each tape
of a multi-volume tape set to be
"partially" encrypted in a different
fragment which nevertheless could have
its encryption "completed" by the common
fragment held centrally thus making each
tape a different cryptanalysis problem
for the attacker but without the apparent
key management overhead for the good guys.
As one fragment of a quorum can be set in
advance, that fragment could be common to
several otherwise non-communicating sets
of tapes and thus be the one retained in
that central, good-guy location.

And so forth.

Disclaimer: I am a good enough mathematician
to know how bad a mathematician I really am
so, in the usual Internet practice, a flood
of corrections/denunciations will doubtless
now commence.

--dan

ref:
Geer DE & Yung M : Threshold Cryptography for the Masses,
Proceedings, Sixth International Financial Cryptography Conference,
Southampton, Bermuda, 11-14 March 2002.
http://geer.tinho.net/geer.yung.PDF



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
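
An added example, not part of the original post: a 2-of-N split in which one fragment is fixed in advance and shared across several tape keys, plus the 2-of-3 desktop case. It assumes Shamir's scheme over a prime field as the threshold scheme (the post names none); the function names, share x-coordinates and tape labels are hypothetical, and the common fragment is assumed to be uniformly random and kept secret.

```python
import secrets

# Field modulus: the Mersenne prime 2^521 - 1, large enough for 256-bit keys.
P = 2**521 - 1

def inv(a):
    """Modular inverse in GF(P) via Fermat's little theorem."""
    return pow(a % P, P - 2, P)

def split_with_preset(key, preset, xs):
    """2-of-N split of `key` whose line passes through a preset share.

    The degree-1 polynomial f(x) = key + a*x is fixed by f(0) = key and
    f(x0) = y0, so the remaining shares are simply other points on it.
    """
    x0, y0 = preset
    a = (y0 - key) * inv(x0) % P
    return [(x, (key + a * x) % P) for x in xs]

def recover(s1, s2):
    """Recombine any two shares: Lagrange interpolation at x = 0."""
    (x1, y1), (x2, y2) = s1, s2
    return (y1 * x2 - y2 * x1) * inv(x2 - x1) % P

def demo():
    # Constructed sample data: one central fragment, three tape keys.
    common = (1, secrets.randbelow(P))
    results = []
    for tape in ("vol1", "vol2", "vol3"):
        key = secrets.randbits(256)
        (tape_frag,) = split_with_preset(key, common, [2])
        results.append((tape, recover(common, tape_frag) == key))
    # Desktop case from the post: smartcard, laptop, corp server.
    k = secrets.randbits(256)
    card = (1, secrets.randbelow(P))
    laptop, server = split_with_preset(k, card, [2, 3])
    pairs = [(card, laptop), (laptop, server), (card, server)]
    results.append(("desktop", all(recover(a, b) == k for a, b in pairs)))
    return results

if __name__ == "__main__":
    for name, ok in demo():
        print(name, "recovered" if ok else "FAILED")
```

Each tape fragment here is fully determined by the tape key and the common fragment, so it can travel with the tape while only the single common fragment is retained centrally.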