-----BEGIN PGP SIGNED MESSAGE----- 'Eric Hughes' was reported to have written:
You use your friends now because off-site storage facilities are not yet available. The software for distributed remote backup has yet to make this operation transparent.
Even when such a system becomes available, I don't think that it will obviate the need for relatively secure on-site storage. Banks and safe deposit boxes haven't completely precluded the demand for safes at home. Many people don't trust banks. Fewer will completely trust cypherbanks and distributed.net.storage systems.
I suspect that most private keys in the future will be held in PCMCIA cards (initially) and then their smaller replacements. Backing up a private key to these allows use of a safe deposit box.
Safe deposit boxes, by virtue of their accessibility to law enforcement, are subject to search and seizure under court order and are sealed in certain cases (probate). This makes them likely to be the first place to look when the Feds decide that we can't have keys anymore. Personally speaking, I'll take my chances with secure "on-site" storage, even if I choose a location other than my own home or business.
If it's still "passphrase-protected", an attacker would a) have to know what to look for
For scalability, most people will use some standard method, whatever it is. This limits the search space of an opponent.
If barcoding is our example, what's to prevent it from being printed in a format selected by the user? Printing on a small paper/plastic label and affixng it (in whole or in parts) to other objects effectively disguises it as a UPC label. You would have to know which labels are a part of a keyring for them to have any significance. Even George Bush now knows that every commercial product has a UPC on it somewhere. Many stores add their own UPC sticker to merchandise for inventory control purposes. Break a keyring into 4 or 5 pieces (whatever it takes to make each piece comparable in size and appearance to the standard UPC label), stick them on selected objects, and let someone who knows what they're looking for try and reconstruct your keyring from the universe of combinations of UPC labels found around your home. With an unknown number of parts, this seems like a practically insurmountable problem. This becomes a stego problem as well as a key decryption problem. With barcoding as the standard, another person prints his key on a small unmarked card and hides it somewhere deemed to be secure by him. The UPC-label attack fails because his keyring isn't disguised as UPC product labels. How does the attacker know what to look for? True Paranoids could devise some sort of "invisible ink" method, requiring UV or heat exposure before the barcode becomes visible. Now your backup key looks like a blank sheet of paper. ;-) My point is that with a regular barcode-generation program and a laser printer, an infinite number of formats and combinations can be created by individual users to suit their needs. You can print an 8.5 x 11 sheet with the title "PGP secret keyring" and put it in a frame hung on the wall, or you can print a bunch of split key pseudo-UPC labels and put one on the back of the frame to disguise it as the manufacturer's product label. One method is secure and the other is not, but the specifics are left to the user because the method is sufficiently flexible to allow a number of formats. I contend that anyone capable of running PGP properly is also capable of using a barcode printing program without difficulty (check out the back of PC Magazine). All that would need to be written is a short routine to convert the encrypted keyring into a format suitable as input for a program of this nature. Heck, there's probably a PD barcode program out there already. My question to the respected elders of this list is "how or why is this type of key backup system insecure, if it is in fact insecure?" =D.C. Williams <dcwill@ee.unr.edu> - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLx1VlyoZzwIn1bdtAQFT5QF+N2RGEpj37fT0iCUnPdnkaUWItbC+HHAj eFAyBU7fNOnHGwiriHnuEcYaZxBV6lst =l3PL -----END PGP SIGNATURE-----