[Cryptography] Help please, considering design of personal CA for PPE

Jerry Leichter leichter at lrw.com
Thu Jun 19 13:36:08 EDT 2014


On Jun 17, 2014, at 7:14 PM, Theodore Ts'o <tytso at mit.edu> wrote:
> Even if they are written on a piece of paper using a QR code, or some
> such, the piece of paper still has to be protected somehow.  Do you
> trust putting it in a safe deposit box?  Does your threat environment
> include the possibility of a court order demanding access to said
> safe deposit box?

There is an interesting problem hiding in here.

- If you are concerned about demands on you personally to deliver the key; or, alternatively, if you are concerned you'll forget the key; then something like a piece of paper in a safety deposit box is a good solution.

- If you are concerned that any physical copy can be compromised, but believe that your Fourth Amendment rights (or equivalent outside the US) against self-incrimination extend to revealing keying information and will be protected, then you want to use a memorized key.

If you're concerned about *both* kinds of attacks, it would seem you want a defense in depth, somehow combining the two mechanisms in such a way that an attacker (including "forgetting" as an attacker against stuff in human memory that isn't regularly exercised) would have to go through both.

That suggests splitting the key into two pieces.  One is on that piece of paper.  One is in your head.  To protect against forgetting, the piece of paper has *something* on it that you are reasonably sure will remind you of your half, even years later.

A simple approach would be a bunch of those personal questions - name of your kindergarten teacher, the first TV show you loved - with the answers hashed together and the result XOR'ed with a value also on the page to generate your half of the secret.  Yes, this can be attacked by someone who investigates your life carefully enough, but it's better than nothing.  More of a problem is that as stated it's exquisitely sensitive to minor changes in spacing, punctuation, capitalization, and other perhaps-hard-to-remember meta-properties of the answers.  You'd want to run the answers through some kind of normalizer first.

Is it possible to do better?
                                                        -- Jerry
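
The question-and-answer scheme described in the message above, as an added example that is not part of the original post: answers are normalized, hashed together, and XORed with a value printed on the paper to yield the memorized half. The function names, the salt, the iteration count, and the use of PBKDF2-HMAC-SHA256 in place of a plain hash (to slow down guessing of answers) are all assumptions of this sketch.

```python
import hashlib
import unicodedata

SALT = b"constructed-example-salt"  # assumption: a salt printed on the paper too
ITERATIONS = 200_000                # assumption: work factor, tune to taste


def normalize(answer: str) -> str:
    """Drop case, accents, spacing and punctuation so that small
    variations in how an answer is typed do not change the hash."""
    decomposed = unicodedata.normalize("NFKD", answer).casefold()
    return "".join(ch for ch in decomposed if ch.isalnum())


def answers_mask(answers, length=32) -> bytes:
    """Hash all normalized answers together into a `length`-byte mask."""
    encoded = (normalize(a).encode("utf-8") for a in answers)
    # Length-prefix each answer so ["ab", "c"] and ["a", "bc"] differ.
    material = b"".join(len(e).to_bytes(2, "big") + e for e in encoded)
    return hashlib.pbkdf2_hmac("sha256", material, SALT, ITERATIONS,
                               dklen=length)


def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def make_paper_value(memory_half: bytes, answers) -> bytes:
    """Value to print on the paper next to the questions."""
    return xor(memory_half, answers_mask(answers, len(memory_half)))


def recover_memory_half(paper_value: bytes, answers) -> bytes:
    """Rebuild the 'in your head' half from the paper value and answers."""
    return xor(paper_value, answers_mask(answers, len(paper_value)))


if __name__ == "__main__":
    half = bytes(range(32))  # constructed sample secret half
    paper = make_paper_value(half, ["Mrs. O'Brien", "Sesame Street"])
    # Years later, typed with different case, spacing and punctuation:
    print(recover_memory_half(paper, ["mrs obrien", "SESAME  STREET!"]) == half)
```

A wrong answer produces a wrong half without any error, so the paper itself gives no way to confirm a guess.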
