[Cryptography] Keeping backups (was Re: Separating concerns
Dirk-Willem van Gulik
dirkx at webweaving.org
Fri Sep 6 03:18:34 EDT 2013
Would be interested & interesting. Been doing the same thing with on-chipcard generated public keys to to the 'reverse' - be able to wipe a part of your off-site backup store by cutting up the secret. So I think there is a general case - and I've got a gut feeling that when propably analysed some of the usual assumptions around KDFs do not quite hold (as in effect one can often cause a lot of known plaintext to be passed in).
Op 3 sep. 2013, om 17:02 heeft Phillip Hallam-Baker <hallam at gmail.com> het volgende geschreven:
> Want to collaborate on an Internet Draft?
> This is obviously useful but it can only be made useful if everyone does it in the same way.
> On Tue, Sep 3, 2013 at 10:14 AM, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
> Phillip Hallam-Baker <hallam at gmail.com> writes:
> >To backup the key we tell the device to print out the escrow data on paper.
> >Let us imagine that there there is a single sheet of paper which is cut into
> >six parts as follows:
> You read my mind :-). I suggested more or less this to a commercial provider
> a month or so back when they were trying to solve the same problem.
> Specifically it was "if you lose your key/password/whatever, you can't call
> the helpdesk to get your data back, it's really gone", which was causing them
> significant headaches because users just weren't expecting this sort of thing.
> My suggestion was to generate a web page in printable format with the key
> shares in standard software-serial-number form (XXXXX-XXXXX-XXXXX etc) and
> tell people to keep one part at home and one at work, or something similar,
> and to treat it like they'd treat their passport or insurance documentation.
> Website: http://hallambaker.com/
> The cryptography mailing list
> cryptography at metzdowd.com
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the cryptography