[Cryptography] Came up with a weird use case, got questions
Bill Frantz
frantz at pwpconsult.com
Mon Jan 7 13:38:08 EST 2019
On 1/7/19 at 10:38 PM, phill at hallambaker.com (Phillip Hallam-Baker) wrote:
>The most robust schemes in practice are going to involve ceremony and some
>form of trusted hardware. We could build a HSM such that it will only
>release the data if it receives a signed statement of the current time from
>a trusted source. Throw it in a vault and bring it out after 100 years. It
>will probably work. If built right.
>
>Establishing a quorate notary that can be trusted to sign time is rather
>easier. Each notary would have to delegate its function to a successor
>periodically but that should not be too difficult to ensure.
>
>Of course there is then a real risk that the data is lost because the
>notaries don't continue their function.

There are a lot of causes of risk of data loss. Bit rot in
storage media is a real worry. The best solution is to copy the
data regularly. For the encrypted data, the only downside is the
storage cost. For the keys it introduces a new complication in
maintaining secrecy.

There is also risk of transistor failure in the HSM due to
dopant migration over time. We don't have experience with
transistor equipment over long periods of time. Our experience
with tube equipment, which is about 100 years, is that
electrolytic capacitors die unless treated with a low voltage
for a while to rebuild their insulation layer. Sometimes they
die anyway. I can't think of a way of keeping a HSM alive over
long periods of time, certainly not one that is anywhere near as
easy as copying data.

Cheers - Bill
---------------------------------------------------------------------------
Bill Frantz        | "I wish there was a knob on the TV to turn up the
408-356-8506       | intelligence. There's a knob called "brightness", but
www.pwpconsult.com | it doesn't work. -- Gallagher
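
The release rule described in the quoted text (the device releases data only on a signed statement of the current time, backed by a quorate set of notaries), as an added example that is not part of either post. The notary names, keys, 2-of-3 quorum and release date are assumptions, and HMAC stands in for real signatures so the code needs only the Python standard library.

```python
import hashlib
import hmac

# Constructed sample keys. HMAC is a stand-in for the notaries' signatures;
# a real design would use public-key signatures so that the device holds
# no notary secrets.
NOTARY_KEYS = {
    "notary-a": b"constructed-key-a",
    "notary-b": b"constructed-key-b",
    "notary-c": b"constructed-key-c",
}
QUORUM = 2                  # assumed policy: 2 of 3 notaries must agree
RELEASE_AT = 4_102_444_800  # assumed release time: 2100-01-01T00:00:00Z


def attest(notary_id, unix_time, key):
    """Notary side: produce a (notary_id, time, tag) time statement."""
    msg = f"time-attestation|{notary_id}|{unix_time}".encode()
    return (notary_id, unix_time, hmac.new(key, msg, hashlib.sha256).hexdigest())


def may_release(statements, keys=NOTARY_KEYS, quorum=QUORUM, release_at=RELEASE_AT):
    """Device side: True only if a quorum of distinct, known notaries
    attest a time at or after release_at with a valid tag."""
    agreeing = set()
    for notary_id, unix_time, tag in statements:
        key = keys.get(notary_id)
        if key is None:
            continue  # statement from a notary the device does not know
        expected = attest(notary_id, unix_time, key)[2]
        if not hmac.compare_digest(expected, tag):
            continue  # forged or corrupted statement
        if unix_time >= release_at:
            agreeing.add(notary_id)  # a set, so repeats from one notary count once
    return len(agreeing) >= quorum
```
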