[Cryptography] Is storing a hash of a private key a security risk?

Tom Mitchell mitch at niftyegg.com
Tue Apr 12 16:31:07 EDT 2016


On Tue, Apr 12, 2016 at 4:13 AM, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:

> For private keys stored in a secure enclave in an embedded environment,
> there's some concern that over long periods of time the key components may
> be subject to bit rot/corruption.  One possible solution is to store a
> truncated hash of the private key components outside the enclave and use
> that to verify that nothing has changed,


Bit rot is real.  Discovering bit rot is important but not sufficient
without knowing what to do once bit rot has been discovered.
In a secure enclave having an ECC syndrome or three copies of the secret
can all help as long as the nature of failure modes is understood.  For the
most part private keys are small compared to modern storage devices.
Horizontal and vertical parity could detect and recover from single bit
errors.
As long as the enclave is secret life is good.

-- 
  T o m    M i t c h e l l
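An added illustration of the two points made in this thread, not code from either poster: a truncated hash kept outside the enclave only detects that a key component changed, while horizontal and vertical parity kept alongside it can also locate and repair a single flipped bit. The 32-byte key component, the 4 x 64-bit layout and the 8-byte tag length are constructed assumptions for the example.

```python
import hashlib
import secrets

# Constructed sample key component (32 bytes, fixed so the run is repeatable);
# the real secret would never leave the enclave, only the tag and parities do.
KEY = bytes.fromhex("0123456789abcdef" * 4)
ROW_BYTES = 8  # assumed layout: 32-byte component as 4 rows x 64 bit columns

def truncated_hash(key: bytes, n: int = 8) -> bytes:
    """Detection only: first n bytes of SHA-256, safe to keep outside the
    enclave.  A changed key fails this check but cannot be recovered from it."""
    return hashlib.sha256(key).digest()[:n]

def verify(key: bytes, tag: bytes) -> bool:
    return secrets.compare_digest(truncated_hash(key, len(tag)), tag)

def bit_at(data: bytes, idx: int) -> int:
    return (data[idx // 8] >> (7 - idx % 8)) & 1

def flip_bit(data: bytes, idx: int) -> bytes:
    """Simulate a single bit of rot at absolute bit index idx."""
    out = bytearray(data)
    out[idx // 8] ^= 0x80 >> (idx % 8)
    return bytes(out)

def parity_2d(key: bytes):
    """Horizontal (one bit per row) and vertical (one bit per column) parity."""
    rows = [key[i:i + ROW_BYTES] for i in range(0, len(key), ROW_BYTES)]
    ncols = ROW_BYTES * 8
    row_par = [sum(bit_at(r, c) for c in range(ncols)) & 1 for r in rows]
    col_par = [sum(bit_at(r, c) for r in rows) & 1 for c in range(ncols)]
    return row_par, col_par

def repair_single_bit(key: bytes, row_par, col_par):
    """Recovery: a lone bit flip disturbs exactly one row parity and one
    column parity, which locates it.  Returns the repaired key, or None when
    the syndrome is not consistent with a single-bit error."""
    cur_rows, cur_cols = parity_2d(key)
    bad_rows = [i for i, (a, b) in enumerate(zip(cur_rows, row_par)) if a != b]
    bad_cols = [i for i, (a, b) in enumerate(zip(cur_cols, col_par)) if a != b]
    if not bad_rows and not bad_cols:
        return key
    if len(bad_rows) != 1 or len(bad_cols) != 1:
        return None
    return flip_bit(key, bad_rows[0] * ROW_BYTES * 8 + bad_cols[0])
```

Two flips in the same row or the same column cancel one of the two parity signals, so the repair routine refuses rather than guessing; that is the "understand the failure modes" caveat in practice.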