Re: Key backup (was: How do I know . ..)
-----BEGIN PGP SIGNED MESSAGE----- 'Adam Shostack' was reported to have written:
Putting the UPC's on things other than cards (such as books) makes it easier to hide in the open. `UPC' stickers on, say, a few books are easier to miss than UPC stickers on index cards.
Exactly. If the intention is to keep them out in the open, then making labels which resemble UPCs is preferred. However, if I'm going to dig a hole in the ground at a secret location and bury my barcoded key in a special container, a different format might be indicated.
Invisible ink draws attention to the correct UPC's once they know you're using it. See Kahn for a discussion of secret inks being developed during the second world war.
I'll do that, but I think you might be intermixing ideas. Pseudo-UPCs in invisible ink wouldn't be a good combination. Pseudo-UPCs should probably be printed exactly like normal UPCs. If you want the "invisible ink" process, it should probably blend into the ambient environment as much as possible. Even if "they" know you're using secret ink, don't "they" have to find the printed key first? How much work is required to check every page of every book and every sheet of paper you might have access to? You could mail your key anywhere in the world invisibly printed on the outside of an envelope. Better yet, send someone a special document (wedding announcement, legal document, 21st birthday card, whatever; the important part is to send something that the recipient will keep) with your keyring invisibly printed on it. Variations on this theme (there are many) are encouraged. Have a friend check out a library book and let you stamp your key somewhere inside. It's the number of possible variations that make this seemingly impossible to attack. Apologies if this "secret ink" stuff is way off base ;-) . Most people (myself included) would opt for the "split and disguise" or "hidden/buried" key schemes where secret ink wouldn't add much security.
If you want to hide bits, they should be stripped of low entropy parts and hidden with a stego program.
The idea was to use something other than magnetic media. A new and different optical encoding method could be devised to hide a key in a halftone, but the barcode example was offered as one possibility using an existing standard. The basis for this thread was the perceived need for a relatively simple key backup system that didn't require the active participation of a whole hoard of people. =D.C. Williams <dcwill@ee.unr.edu> - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLx2rEyoZzwIn1bdtAQEBVAGAzJc1fOAchLGEIlnbQBiJXV2cICE2WK8e 8FnXnP8ztcWEdUCYY0vjDewiLI2iW4bt =tUR2 -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- In article <199501182358.SAA29305@bb.hks.net>, you wrote:
Variations on this theme (there are many) are encouraged. Have a friend check out a library book and let you stamp your key somewhere inside. It's the number of possible variations that make this seemingly impossible to attack. Apologies if this "secret ink" stuff is way off base ;-) .
Most people (myself included) would opt for the "split and disguise" or "hidden/buried" key schemes where secret ink wouldn't add much security.
'Adam Shostack' was reported to have written:
If you want to hide bits, they should be stripped of low entropy parts and hidden with a stego program.
The idea was to use something other than magnetic media. A new and different optical encoding method could be devised to hide a key in a halftone, but the barcode example was offered as one possibility using an existing standard. The basis for this thread was the perceived need for a relatively simple key backup system that didn't require the active participation of a whole hoard of people.
Pat Cadigan, in her novel SYNNERS, had the off-beat idea of having crucial data encoded into graphical images and tattooed onto the skins of beach bums. I've heard of worse ideas. . . . | PROOF-READER, n: A malefactor who atones for Alan Bostick | making your writing nonsense by permitting abostick@netcom.com | the compositor to make it unintelligible. finger for PGP public key | Ambrose Bierce, THE DEVIL'S DICTIONARY Key fingerprint: | 50 22 FB 46 41 A3 17 9D F7 33 FF E1 4E 1C 89 79 +legal_kludge=off -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQB1AgUBLyBy+eVevBgtmhnpAQF2ogMAh5Br252k6h29mcNepsDfo0htW32AmcfX 6YpJZycKs95V3foxd5pdjtuPqdkEeI03n966g3TXRbgNSe3dX7je1h8b6wsDH9hF CWsabq/Z5KgiRUIGHDrcEtKpsl0+Xf2y =txNr -----END PGP SIGNATURE-----
Alan Bostick wrote:
Pat Cadigan, in her novel SYNNERS, had the off-beat idea of having crucial data encoded into graphical images and tattooed onto the skins of beach bums.
I've heard of worse ideas. . . .
She's a better novelist than an information theorist... All the talk recently about data havens [secure storage variety] got me to thinking. (In case you're wondering, I specified [secure storage variety] becuase there seems to be some confusion, or at lest conflation, about what a "data haven" does. Is it for selling illegal data publically? Is it for storing sensitive material, privately? Something else?) Anyway, for securely storing data that one wishes to be able to later retrieve, but wishes thieves and authorities not to have, here are some major possibilities: 1. The old stand-by. Keep copies of data at a friend's house. (This is what I do, to guard against fires or thefts or ransackings by the Thought Police.) (Knowing where the stuff is stored is part of the "key" to getting it, and only adds a few bits to the overall key lenth in most cases. That is, not much security against a capable adversary, But fires are usually pretty dumb, and cops not much smarter, so this works pretty well.) 2. True secure storage, using a commercial service. Mineshafts, salt domes, concrete buildings, etc. are commonly used for this. Corporate records, etc. Pay a fee, store your files, etc. Of course, a subpoena will get the data posthaste. 2A. Offshore secure storage, in a jurisdiction that will no honor subpoenas form one's country. Lots of obvious issues here: bribery of the vault, pressures applied locally, black bag jobs, etc. 3. Encryption, with either local or remote storage. 3A. Encrypted, but local. This is by far the most common scenario, the one most of us use all the time. Can the authorities force disclosure of a key? I have a *lot* on this in my FAQ, so I won't repeat it here. Basic conclusion: has not been tested, but it is unlikey that a defendent who claims to have "forgotten" his passphrase, or who just clams up, will get zapped for this, per se. 3B. Encrypted, offshore. Actually, this is similar to the above. If the court can compell decryption, it can certainly compell retrieval of files. And if it can't compell decryption, the files are no less safe if stored locally. (But I admit that the realities are not so simple. Offshore storage offers some additionaal advantages. For one, "duress codes" that the site owner in Belize that the person requesting the material, in LA, is actually under duress. The site operator can then report back a convenient "disk crash" and the authorities will be screwed. This stratagem is harder to do cleanly in the U.S., for example, where the site owner might be subpoenaed.) 4. Purloined Letter. Hide it in plain site. Steganography, in one of your hundreds of DATs, or in GIFs and PICTs, etc. Without the key, they won't know where it is. (I've been pushing this since 1988, in postings on sci.crypt and elsewhere. Romana Machado and others have implemented the image-based version.) 5. A variant is to use ftp sites. Encrypt the data and place it in an ftp site that allows write access. Use remailers if you wish. Then, your secret data is stored in encrypted, unidentifiable form on someone else's computer, retrievable by you later. (Lots of issues here. Our never-realized "anonymous anonyomous ftp" capability could mean the storer would not even know what continent the site was on.) Well, these are just some of the ideas. Me, I stick to simply encrypting sensitive files and keeping a couple of copies in safe places. I don't think we ought to call these uses "data havens." Save the term "data haven" for those places, in cyberspace or in real space, that sell access to Nazi medical experiments, that sell illegal birth control information, that buy weapons secrets, and so on. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo@toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tc/tcmay
From: tcmay@netcom.com (Timothy C. May) I don't think we ought to call these uses "data havens." Save the term "data haven" for those places, in cyberspace or in real space, that sell access to Nazi medical experiments, that sell illegal birth control information, that buy weapons secrets, and so on. I fully concur. The connotations of the word "haven" imply activities that ordinary people don't see themselves doing. This means that ordinary people won't generally use something called a "haven", even if they might use exactly the same service called something else. Eric
participants (4)
-
abostick@netcom.com -
Dr. D.C. Williams -
eric@remailer.net -
tcmay@netcom.com