
On Tue, 10 Jun 1997, the spooks made the tentacle named Kent Crispin write the following bad advice:
> If you have data you wish to guard from disclosure I think that in most circumstances you want to back up ciphertext. It is a *lot* cheaper to secure a piece of paper with a passphrase on it (in a safe deposit box, for example) than it is to guard a gigabyte of backup tapes.
BBBBZZZZZZZZZT! Wrong! Passphrases can be memorized. 4mm DAT tapes hold several gigs and are tiny. Ever see one? Fits in your pocket. It's smaller than an audio cassette. Fairly easy to guard, but, if your data is backed up in encrypted form (cyphertext), and not clear text, you don't even need to bother protecting the tape. (That is unless your backup software uses a weak cypher, as most tend to do.)

[FYI: Your knowledge of tape technologies is severely lacking. 4mm tapes hold 2-4Gb. Exabytes 5Gb-10Gb. Mammoth Exabytes (same size as 8mm camcorder video tapes, smaller than audio cassettes) hold as much as 40Gb in a very small form factor.]

Or if you are afraid of loss to EMI and such, backup to MO media, or to CDR media. You can get 4Gb MO's these days fairly cheap, and since they're just like hard drives you don't need to use backup software. They're impervious to accidental wiping by magnetic waves, and they're rewriteable, which means you don't have to pay much money to do new backups. OTOH, since they are rewriteable, you might want to burn CD's, which only store 650M, but two of them will easily store 1.2Gb, and prevent loss by erasure. At less than $6 in bulk this is very cheap. You still have to protect the media from heat, direct sunlight, dust, scratches, liquids, etc...

The best way to go is to have an encrypted volume, unmount the volume before backing it up, and backup the sectors on the volume instead of individual files. To be safe, I'd run several backups, since if the tape goes bad on a spot that holds inodes, you've lost several directories... But you can leave the tapes unprotected in clear view of the world. They're useless to those that don't have the passphrase. Hence it costs you $0.0 to secure tapes that hold strongly encrypted information. It costs a lot more to protect that said piece of paper.
(I would still advocate keeping a set of tapes offsite in case of fire or other local physical disaster - but the security risk of keeping them unsecured is still zero if you are using a good hard drive encryptor that uses strong crypto.) If you are paranoid, you could encrypt your backup with a different cypher. (i.e. use IDEA on the hard drive, then backup and encrypt the encrypted drive with 3DES and Blowfish, all using different passphrases.)

Yes, you can write your passphrase on paper, but if someone finds it you are screwed. Giving such advice is dangerous. It is as if you told someone to put a PostIt(tm) note with their account and password on their monitor, or to use their birthday as their password, or their dog's name. Paper is very easily compromised. Weak passwords and passphrases are also easily compromised.

If you want to protect your passphrase against memory failures (human memory, that is), break it up with a secure split function, and save it to disk (or print it out in hex), then give a piece to each of several trusted parties - who do not know each other. Something along the lines of a K of N system where you'd need 5 pieces out of 8 to restore the passphrase.

Oh, and those trusted parties should not be government agencies, for the simple reason of how bureaucracies work. One could be a safety deposit box, another could be a family lawyer (but make sure it's not a big agency), another a cousin in a different city, another a neighbor, etc... (I.E. I wouldn't leave anything with the CIA - see the news headlines for all the reports of double agents bought off by the Russians, etc... though it is more likely that the NSA would be a safer place to store, either because it has better controls on the data, or more likely because reports of double agents there never reached the media...) Still I wouldn't go that route, though you personally might.
In general, you don't want to leave them in the hands of corporations/agencies where folks getting paid $5.50/hour can be easily bribed, or leaned on, or rubberhose persuaded, or sold to the "If you knew what I knew" and "I'm from your government and here to help you" lines.

=====================================Kaos=Keraunos=Kybernetos==============
 .+.^.+.| Ray Arachelian       | "Boy meets beer. Boy drinks Beer,      |./|\.
 ..\|/..| sunder@sundernet.com | Boy gets another beer!"                |/\|/\
 <--*-->| ------------------   |                                        |\/|\/
 ../|\..| "A toast to Odin,    | For with those which eternal lie, with |.\|/.
 .+.v.+.| God of screwdrivers" | strange aeons, even death may die.     |.....
======================== http://www.sundernet.com =========================