On Tue, Jun 10, 1997 at 03:20:27PM -0400, Ray Arachelian wrote:
On Tue, 10 Jun 1997, the spooks made the tentacle named Kent Crispin write the following bad advice:
If you have data you wish to guard from disclosure I think that in most circumstances you want to back up ciphertext. It is a *lot* cheaper to secure a piece of paper with a passphrase on it (in a safe deposit box, for example) than it is guard a gigabyte of backup tapes.
BBBBZZZZZZZZZT! Wrong!
Passphrases can be memorized.
Chinese proverb: "The strongest memory is weaker than faded ink".
4mm DAT tapes hold several gigs and are tiny.
[excoriating exposure of my stupidity deleted] You're right -- I misspoke. I confess that I don't pay much attention to tape technology. I was just thinking about the robotic silos at work -- of course, they hold a lot more than gigabytes -- individual data files on them are frequently many gigabytes. In this environment (admittedly atypical, though some commercial enterprises are probably at least as large) it would clearly be cheaper to guard keys than it would be to guard the tapes. But they guard the tapes anyway. [long tape tutorial deleted]
But you can leave the tapes unprotected in clear view of the world. They're useless to those that don't have the passphrase. Hence it costs you $0.0 to secure tapes that hold strongly encrypted information. It costs a lot more to protect that said piece of paper.
After all that humiliation, thank you for exactly making my point. You guard the keys, you don't guard the tapes.
If you are paranoid, you could encrypt your backup with a different cypher. (i.e. use IDEA on the hard drive, then backup and encrypt the encrypted drive with 3DES and Blowfish, all using different passphrases.)
Ah yes, remembering *all* those passphrases, and what happens if you forget?
Yes, you can write your passphrase on paper, but if someone finds it you are screwed.
You are screwed if you forget it, to. Either eventuality can be disastrous, depending on the circumstances. For many types of data losing access to the data is a far bigger disaster than unauthorized exposure.
Giving such advice is dangerous. It is as if you told someone to put a PostIt(tm) note with their account and password on their monitor, or to use their birthday as their password, or their dog's name. Paper is very easily compromised. Weak passwords and passphrases are also easily compromised.
I am quite familiar with all these issues, Ray. The scheme is that you write the passphrase on a piece of paper, and put the paper in a vault. This reduces the risk of loss of access, and increases the risk of exposure. In real environments you evaluate both risks. Put it in other terms: you have $1000000000 in untraceable ecash sitting encrypted on your disk. Which is worse: having it stolen, or losing the key that decrypts it? The answer is, they are equally bad. Indeed you can use secret sharing techniques to hide the key -- for $1000000000 I probably would. For all the secrets I currently know, putting the key in a vault is sufficient security. -- Kent Crispin "No reason to get excited", kent@songbird.com the thief he kindly spoke... PGP fingerprint: B1 8B 72 ED 55 21 5E 44 61 F4 58 0F 72 10 65 55 http://songbird.com/kent/pgp_key.html