Key Escrow Good, GAK Bad
To me, Key Recovery cryptography is like using a condom with a hole in it. No thanks.
I agree in principle, and I doubt I would ever use a key recovery system if I had a choice. But, speaking as a network manager, I know that private key recovery (not GAK) can be an enhancement to security. I'll give an example. About a year ago, my boss wanted to protect his file of annual financial projections for the company from prying eyes on our Macintosh network. I installed CurveEncrypt on his machine, showed him how to use it, and gave him the standard lecture on choosing a good passphrase. I stressed that he needed to chose a passphrase easy to remember, because if he forgot it, there was no way to get his file back. Well, he forgot his passphrase. He spent an hour trying every combination he could think of, interjecting a curse here and there for color. He is now totally off using encryption to protect sensitive information. He refuses to use it, and he discourages anyone in the office from using it. I know that his position is unfair, but he _is_ the boss, so he makes the rules. And he is a typical computer user. If your average joe forgets his passphrase and loses two days worth of work, he's not likely to encrypt his work again. (Or he's likely to write down his passphrase in the future). If we were using a Key Escrow system, this situation could have been avoided. Yes, using a key escrow system is less secure that using a non-key escrow system, but I'd argue that using a strong key escrow system is better than using no encryption at all in situations like this. Our network is less secure that it could be because of one user's bad experience. Ken
Ken Kirksey writes:
To me, Key Recovery cryptography is like using a condom with a hole in it. No thanks.
I agree in principle, and I doubt I would ever use a key recovery system if I had a choice. But, speaking as a network manager, I know that private key recovery (not GAK) can be an enhancement to security.
I'll give an example. About a year ago, my boss wanted to protect his file of annual financial projections for the company from prying eyes on our Macintosh network. I installed CurveEncrypt on his machine, showed him how to use it, and gave him the standard lecture on choosing a good passphrase. I stressed that he needed to chose a passphrase easy to remember, because if he forgot it, there was no way to get his file back.
Well, he forgot his passphrase. He spent an hour trying every combination he could think of, interjecting a curse here and there for color. He is now totally off using encryption to protect sensitive information.
User education would be even easier than key escrow. Your boss could have shared that passphrase with one or more other people, ideally the people who helped him make the report. When you encrypt something that's vital to the company, you need to make sure that it can be gotten back. In most companies, there's more than one person who is 'cleared' for even the more vital information. The keys to those files should be shared amongst those people. Unfortunately, few encryption programs make this easy. And even though you can do it in PGP by encrypting to multiple recipients, how many people think to do so? I don't. Most programs assume that there's one key that that's used to encrypt everything, hence one level of security- the highest. But in a business situation you really need to be able to encrypt something with your key and your secretary's key, or the keys of all the board members, etc. -- Eric Murray ericm@lne.com ericm@motorcycle.com http://www.lne.com/ericm PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF
-----BEGIN PGP SIGNED MESSAGE----- In <199701092357.PAA23840@slack.lne.com>, on 01/09/97 at 07:57 PM, Eric Murray <ericm@lne.com> said:
Ken Kirksey writes:
To me, Key Recovery cryptography is like using a condom with a hole in it. No thanks.
I agree in principle, and I doubt I would ever use a key recovery system if I had a choice. But, speaking as a network manager, I know that private key recovery (not GAK) can be an enhancement to security.
I'll give an example. About a year ago, my boss wanted to protect his file of annual financial projections for the company from prying eyes on our Macintosh network. I installed CurveEncrypt on his machine, showed him how to use it, and gave him the standard lecture on choosing a good passphrase. I stressed that he needed to chose a passphrase easy to remember, because if he forgot it, there was no way to get his file back.
Well, he forgot his passphrase. He spent an hour trying every combination he could think of, interjecting a curse here and there for color. He is now totally off using encryption to protect sensitive information.
User education would be even easier than key escrow. Your boss could have shared that passphrase with one or more other people, ideally the people who helped him make the report. When you encrypt something that's vital to the company, you need to make sure that it can be gotten back. In most companies, there's more than one person who is 'cleared' for even the more vital information. The keys to those files should be shared amongst those people.
Unfortunately, few encryption programs make this easy. And even though you can do it in PGP by encrypting to multiple recipients, how many people think to do so? I don't. Most programs assume that there's one key that that's used to encrypt everything, hence one level of security- the highest. But in a business situation you really need to be able to encrypt something with your key and your secretary's key, or the keys of all the board members, etc.
Would not this be the perfect senario for the implementation of Shamir's Secret Sharing? Rather that having several people being able to access the data independent of each other having a shared key where it requited say 3 out of 5 members to access the data? That way a breach of security of one key does not result in a breach of security of all data. Are there any know implementations of this? Thanks, - -- - ----------------------------------------------------------- William H. Geiger III http://www.amaranth.com/~whgiii Geiger Consulting WebExplorer & Java Enhanced!!! Cooking With Warp 4.0 Author of E-Secure - PGP Front End for MR/2 Ice Look for MR/2 Tips & Rexx Scripts Get Work Place Shell for Windows!! PGP & MR/2 the only way for secure e-mail. Finger whgiii@amaranth.com for PGP Key and other info - ----------------------------------------------------------- Tag-O-Matic: Air conditioned environment - Do not open Windows. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMtXo/49Co1n+aLhhAQEZ3QP7BSwuDC7OyXpNPGg8HtROkHkMTpIP6oBf S/NvqazKt8PFsnmpY0m2aCaZzHUOSD5d42tOVxZr8xJK7ylm/DIbwACgRtGDL6yT 61RUn4c8kXoS8bKOCRWyQvcyZJWSy4ddcnTlj/y7zbmmKOqvxdWWf333+NvWsbG1 xpcsm6n7sy4= =v0Q6 -----END PGP SIGNATURE-----
Ken Kirksey sez:
I'll give an example. About a year ago, my boss wanted to protect his file of annual financial projections for the company from prying eyes on our Macintosh network. I installed CurveEncrypt on his machine, showed him how to use it, and gave him the standard lecture on choosing a good passphrase. I stressed that he needed to chose a passphrase easy to remember, because if he forgot it, there was no way to get his file back.
Well, he forgot his passphrase.
There's a low-tech solution. There's a stock GSA form for recording a container [safe] combo. You seal it up, put it in an envelope, you & witness sign across the flap. You store same in another container, such as in the security office. [THAT safe combo is usually kept in a 24-hour manned location such as the ECC or such.] Think along those lines, perhaps. -- A host is a host from coast to coast.................wb8foz@nrk.com & no one will talk to a host that's close........[v].(301) 56-LINUX Unless the host (that isn't close).........................pob 1433 is busy, hung or dead....................................20915-1433
Ken Kirksey wrote:
And he is a typical computer user. If your average joe forgets his passphrase and loses two days worth of work, he's not likely to encrypt his work again. (Or he's likely to write down his passphrase in the future). If we were using a Key Escrow system, this situation could have been avoided. Yes, using a key escrow system is less secure that using a non-key escrow system, but I'd argue that using a strong key escrow system is better than using no encryption at all in situations like this.
Key escrow is an easy-fix for securing company communications, and I am sure that it has its place in a situation such as yours, where you have to baby-sit people who want the full benefits of a technology that is beyond them. The problem, of course, is that, as TV has shown us for years, the 'lowest common denominator' becomes the rule. People will use key escrow for things that should actually have uncomprimisable security, and they will scream bloody murder when it is compromised. It wasn't that long ago when I was talking to the CEO of a company on a plane to Nantucket, and he was boasting about how he encrypted his files with Pkzip to thwart would-be intruders. I decrypted one of his files for him on the trip between the mainland and Nantucket (you go up, you go down, you're there). He was astounded. He had told me that his kid was a hacker, so I told him to ask his kid if he could access his 'protected' files. I forgot about the incident, but a few weeks later the guy tracked me down in Tucson (I had told him the name of my company), and told me that it took his kid less than a week of scouting around the local BBS's to find a program to crack Poppa's 'high-security' files. Key Escrow, I suppose, is like most other things--a trade-off. BTW, I occasionally 'write down' a reference to my passwords, as a 'reminder'. e.g. - Password / Zappa Concert--1980 (this reminds me of the password I used, which was 38-24-37RedHead) (sorry, no pictures) Toto
To me, Key Recovery cryptography is like using a condom with a hole in it. No thanks.
I agree in principle, and I doubt I would ever use a key recovery system if I had a choice. But, speaking as a network manager, I know that private key recovery (not GAK) can be an enhancement to security.
I'll give an example. About a year ago, my boss wanted to protect his file of annual financial projections for the company from prying eyes on our Macintosh network. I installed CurveEncrypt on his machine, showed him how to use it, and gave him the standard lecture on choosing a good passphrase. I stressed that he needed to chose a passphrase easy to remember, because if he forgot it, there was no way to get his file back.
Well, he forgot his passphrase. He spent an hour trying every combination he could think of, interjecting a curse here and there for color. He is now totally off using encryption to protect sensitive information. He refuses to use it, and he discourages anyone in the office from using it. I know that his position is unfair, but he _is_ the boss, so he makes the rules.
And he is a typical computer user. If your average joe forgets his passphrase and loses two days worth of work, he's not likely to encrypt his work again. (Or he's likely to write down his passphrase in the future). If we were using a Key Escrow system, this situation could have been avoided. Yes, using a key escrow system is less secure that using a non-key escrow system, but I'd argue that using a strong key escrow system is better than using no encryption at all in situations like this. Our network is less secure that it could be because of one user's bad experience.
Ken
participants (5)
-
David Lesher / hated by RBOC's in 5 states -
Eric Murray -
Ken Kirksey -
Toto -
William H. Geiger III