Re: Access to Storage and Communication Keys
At 10:06 PM 6/9/97 -0400, Marc Horowitz wrote:
To me, mail encryption is not communications encryption. The mail message is encrypted, just like a file might be. Then those encrypted bits are sent over the net. It is precisely because I have access to the ciphertext as a separate entity that this is not communications encryption.
An interesting perspective, but I don't know that it works. For this to make sense, either the business needs to have access to the stored received email if the user gets run over by a police car, or else the business needs to know that it doesn't _need_ access - either because the mail isn't business related, or because the business-related parts have been transferred to other systems using a convenient user interface. On the other hand, if receiving email with encrypted attachments is _in_convenient to store in a mail system, maybe it will help encourage people not to use that mail system for storing messages, or to junk the mail system entirely :-) (I'm thinking here of systems like IBM PROFS and Microsoft Mail, which both encourage storage in their monolithic mailboxes.
The *only* reason to escrow communications keys is to spy on people; there is never an opportunity for data loss here. Yeah! (Actually, the other reason to escrow them is because you're using the same keys for communication and storage, and you have potentially decent business reasons for backup of storage keys, but that's only the case if you're not using a sufficiently flexible cryptosystem and are using key backup instead of data backup, which is really the preferred approach anyway.)
# Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com # You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp # (If this is a mailing list or news, please Cc: me on replies. Thanks.)
On Tue, 10 Jun 1997, Bill Stewart wrote:
and you have potentially decent business reasons for backup of storage keys, but that's only the case if you're not using a sufficiently flexible cryptosystem and are using key backup instead of data backup, which is really the preferred approach anyway.)
I could envision situations where you wouldn't want to backup plaintext, but only ciphertext. In those situations, key backup would also be necessary. This would require the use of passphrases or some other tokens to utilize the backed up keys. -- Phil Helms Internet: phil@cccs.cccoes.edu Community College Computer Services Phone: 303/595-1524 Denver, Colorado FAX: 303/620-4697
On Tue, Jun 10, 1997 at 12:12:36PM -0700, Phil Helms wrote:
On Tue, 10 Jun 1997, Bill Stewart wrote:
and you have potentially decent business reasons for backup of storage keys, but that's only the case if you're not using a sufficiently flexible cryptosystem and are using key backup instead of data backup, which is really the preferred approach anyway.)
I could envision situations where you wouldn't want to backup plaintext, but only ciphertext. In those situations, key backup would also be necessary. This would require the use of passphrases or some other tokens to utilize the backed up keys.
If you have data you wish to guard from disclosure I think that in most circumstances you want to back up ciphertext. It is a *lot* cheaper to secure a piece of paper with a passphrase on it (in a safe deposit box, for example) than it is guard a gigabyte of backup tapes. -- Kent Crispin "No reason to get excited", kent@songbird.com the thief he kindly spoke... PGP fingerprint: B1 8B 72 ED 55 21 5E 44 61 F4 58 0F 72 10 65 55 http://songbird.com/kent/pgp_key.html
On Tue, 10 Jun 1997, the spooks made the tentacle named Kent Crispin write the following bad advice:
If you have data you wish to guard from disclosure I think that in most circumstances you want to back up ciphertext. It is a *lot* cheaper to secure a piece of paper with a passphrase on it (in a safe deposit box, for example) than it is guard a gigabyte of backup tapes.
BBBBZZZZZZZZZT! Wrong! Passphrases can be memorized. 4mm DAT tapes hold several gigs and are tiny. Ever see one? Fits in your pocket. It's smaller that an audio cassette. Fairly easy to guard, but, if your data is backed up in encrypted form (cyphertext), and not clear text, you don't even need to bother protecting the tape. (That is unless your backup software uses a weak cypher as most tend to do.) [FYI: Your knowledge of tape technologies is severly lacking. 4mm tapes hold 2-4Gb. Exabytes 5Gb-10Gb. Mamouth Exabytes (same size as 8mm camcorder video tapes, smaller than audio cassettes) hold as much as 40Gb in a very small form factor.] Or if you are afraid of loss to EMI and such, backup to MO media, or to CDR media. You can get 4Gb MO's these days fairly cheap, and since they're just like hard drives you don't need to use backup software. They're impervious to accidental wiping by magnetic waves, and they're rewriteable, which means you don't have to pay much money to do new backups. OTOH, they are rewriteable, you might want to burn CD's, which only store 650M, but two of them will easily store 1.2Gb, and prevent loss by erasure. At less than $6 in bulk this is very cheap. You sti.l have to protect the media from heat, direct sunlight, dust, scratches, liquids, etc... The best way to go is to have an encrypted volume, unmount the volume before backing it up, and backup the sectors on the volume instead of individual files. To be safe, I'd run several backups since if the tape goes bad on a spot that holds inodes, you've lost several directories... But you can leave the tapes unprotected in clear view of the world. They're useless to those that don't have the passphrase. Hence it costs you $0.0 to secure tapes that hold strongly encrypted information. It costs a lot more to protect that said piece of paper. (I would still advocate keeping a set of tapes offsite in case of fire or other local physical disaster - but the security risk of keeping them unsecured is still zero if you are using a good hard drive encryptor that uses strong crypto.) If you are paranoid, you could encrypt your backup with a different cypher. (i.e. use IDEA on the hard drive, then backup and encrypt the encrypted drive with 3DES and Blowfish, all using different passphrases.) Yes, you can write your passphrase on paper, but if someone finds it you are screwed. Giving such advice is dangerous. It is as if you told someone to put a PostIt(tm) note with their account and password on their monitor, or to use their birthday as their password, or their dog's name. Paper is very easily compromised. Weak passwords and passphrases are also easily compromised. If you want to protect your passphrase agaist memory failures (human memory that is), break it up with a secure split function, and save it to disk (or print it out in hex), then give a piece to each of several trusted parties - who do not know each other. Something along the lines of a K of N system where you'd need 5 pieces out of 8 to restore the passphrase. Oh, and those trusted parties should not be government agencies for the simple reason of how beurocracies work. One could be a safety deposit box, another could be a family lawyer (but make sure it's not a big agency), another a cousin in a differnet city, another a neighbor, etc... (I.E. I wouldn't leave anything with the CIA - see the news headlines for all the reports of double agents bought off by the Russians, etc... though it is more likely that the NSA would be safer place to store, either because it has better controls on the data, or more likely because reports of double agents there never reached the media...) Still I wouldn't go that route, though you personally might. In general, you don't want to leave them in the hands of corporations/agencies where folks getting paid $5.50/hour can be easily bribed, or leaned on, or rubberhose persuaded, or sold to the "If you knew what I knew" and "I'm from your government and here to help you" lines. =====================================Kaos=Keraunos=Kybernetos============== .+.^.+.| Ray Arachelian | "Boy meets beer. Boy drinks Beer, |./|\. ..\|/..|sunder@sundernet.com| Boy gets another beer!" |/\|/\ <--*-->| ------------------ | |\/|\/ ../|\..| "A toast to Odin, | For with those which eternal lie, with |.\|/. .+.v.+.|God of screwdrivers"| strange aeons, even death may die. |..... ======================== http://www.sundernet.com =========================
Ray Arachelian <sunder@brainlink.com> writes:
Passphrases can be memorized. 4mm DAT tapes hold several gigs and are tiny. Ever see one? Fits in your pocket. It's smaller that an audio cassette. Fairly easy to guard, but, if your data is backed up in encrypted form (cyphertext), and not clear text, you don't even need to bother protecting the tape. (That is unless your backup software uses a weak cypher as most tend to do.) [FYI: Your knowledge of tape technologies is severly lacking. 4mm tapes hold 2-4Gb. Exabytes 5Gb-10Gb. Mamouth Exabytes (same size as 8mm camcorder video tapes, smaller than audio cassettes) hold as much as 40Gb in a very small form factor.]
I'm actually thinking of getting a pair of 4mm tape drives to replace my existing backup system (very old drives that use DC 600As; only .25GB / drive, pretty slow, no NT drivers; time to upgrade) I wonder: if the data is well-encrypted, wouldn't it make the compression pretty ineffective? Also: can somebody recommend good, fast 4MM drives that go inside a PC and work off a SCSI controller, and are supported by Windows NT and 95 with no special drivers? (I don't care about OS/2 and Linux support) [I guess I'll burn the old media or something. :-) I still have about 3 cubic feet of 5.25" floppies that I don't know how to discard] --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
Dr.Dimitri Vulis KOTM wrote:
Ray Arachelian <sunder@brainlink.com> writes:
Passphrases can be memorized. 4mm DAT tapes hold several gigs and are tiny. Ever see one? Fits in your pocket. It's smaller that an audio cassette. Fairly easy to guard, but, if your data is backed up in encrypted form (cyphertext), and not clear text, you don't even need to bother protecting the tape. (That is unless your backup software uses a weak cypher as most tend to do.) [FYI: Your knowledge of tape technologies is severly lacking. 4mm tapes hold 2-4Gb. Exabytes 5Gb-10Gb. Mamouth Exabytes (same size as 8mm camcorder video tapes, smaller than audio cassettes) hold as much as 40Gb in a very small form factor.]
I'm actually thinking of getting a pair of 4mm tape drives to replace my existing backup system (very old drives that use DC 600As; only .25GB / drive, pretty slow, no NT drivers; time to upgrade)
I wonder: if the data is well-encrypted, wouldn't it make the compression pretty ineffective?
You can compress before the encryption (if the encryption algorithm does not do compression). tar cvfz - /directory | Encrypt > /dev/ftape or something like that. Another thing to worry about is being able to at least partially restore data if one or several blocks get corrupted. - Igor.
On Tue, 10 Jun 1997, Dr.Dimitri Vulis KOTM wrote:
I'm actually thinking of getting a pair of 4mm tape drives to replace my existing backup system (very old drives that use DC 600As; only .25GB / drive, pretty slow, no NT drivers; time to upgrade)
I'd keep those. Never know what they might be worth to a computer junk collector or museum 50 years from now.
I wonder: if the data is well-encrypted, wouldn't it make the compression pretty ineffective?
You got it. Compression won't happen. But you can compress the data before you encrypt it. i.e. use PKZIP or whatever to zip up your data to a nice big zip file, encrypt the zip file with PGP or whatever, and backup just the zip file. (I'd do all this on an encrypted volume and set the temp variable also to the encrypted volume so you won't have data fragments leaking all over your drive in plain text for the spooks to snarf up later.)
Also: can somebody recommend good, fast 4MM drives that go inside a PC and work off a SCSI controller, and are supported by Windows NT and 95 with no special drivers? (I don't care about OS/2 and Linux support)
All the DAT drives I've seen are SCSI. There are internal ones out there. I'd stay away from the weird ones like HP or Sony, and get some generic one. Get a DDS2 drive if you can.
[I guess I'll burn the old media or something. :-) I still have about 3 cubic feet of 5.25" floppies that I don't know how to discard]
Run them through a degauser several times then auction them off or whatever. =====================================Kaos=Keraunos=Kybernetos============== .+.^.+.| Ray Arachelian | "Boy meets beer. Boy drinks Beer, |./|\. ..\|/..|sunder@sundernet.com| Boy gets another beer!" |/\|/\ <--*-->| ------------------ | |\/|\/ ../|\..| "A toast to Odin, | For with those which eternal lie, with |.\|/. .+.v.+.|God of screwdrivers"| strange aeons, even death may die. |..... ======================== http://www.sundernet.com =========================
I wonder: if the data is well-encrypted, wouldn't it make the compression pretty ineffective?
Well encrypted data is, by definition, incompressible. Data compression is, for this reason, always preformed prior to encryption. --Steve PGP mail preferred Fingerprint: FE 90 1A 95 9D EA 8D 61 81 2E CC A9 A4 4A FB A9 Key available on BAL server, http://www-swiss.ai.mit.edu/~bal/pks-toplev.html --------------------------------------------------------------------- Steve Schear | tel: (702) 658-2654 CEO | fax: (702) 658-2673 First ECache Corporation | 7075 West Gowan Road | Suite 2148 | Las Vegas, NV 89129 | Internet: azur@netcom.com --------------------------------------------------------------------- I know not what instruments others may use, but as for me, give me Ecache or give me debt. SHOW ME THE DIGITS!
On Tue, Jun 10, 1997 at 03:20:27PM -0400, Ray Arachelian wrote:
On Tue, 10 Jun 1997, the spooks made the tentacle named Kent Crispin write the following bad advice:
If you have data you wish to guard from disclosure I think that in most circumstances you want to back up ciphertext. It is a *lot* cheaper to secure a piece of paper with a passphrase on it (in a safe deposit box, for example) than it is guard a gigabyte of backup tapes.
BBBBZZZZZZZZZT! Wrong!
Passphrases can be memorized.
Chinese proverb: "The strongest memory is weaker than faded ink".
4mm DAT tapes hold several gigs and are tiny.
[excoriating exposure of my stupidity deleted] You're right -- I misspoke. I confess that I don't pay much attention to tape technology. I was just thinking about the robotic silos at work -- of course, they hold a lot more than gigabytes -- individual data files on them are frequently many gigabytes. In this environment (admittedly atypical, though some commercial enterprises are probably at least as large) it would clearly be cheaper to guard keys than it would be to guard the tapes. But they guard the tapes anyway. [long tape tutorial deleted]
But you can leave the tapes unprotected in clear view of the world. They're useless to those that don't have the passphrase. Hence it costs you $0.0 to secure tapes that hold strongly encrypted information. It costs a lot more to protect that said piece of paper.
After all that humiliation, thank you for exactly making my point. You guard the keys, you don't guard the tapes.
If you are paranoid, you could encrypt your backup with a different cypher. (i.e. use IDEA on the hard drive, then backup and encrypt the encrypted drive with 3DES and Blowfish, all using different passphrases.)
Ah yes, remembering *all* those passphrases, and what happens if you forget?
Yes, you can write your passphrase on paper, but if someone finds it you are screwed.
You are screwed if you forget it, to. Either eventuality can be disastrous, depending on the circumstances. For many types of data losing access to the data is a far bigger disaster than unauthorized exposure.
Giving such advice is dangerous. It is as if you told someone to put a PostIt(tm) note with their account and password on their monitor, or to use their birthday as their password, or their dog's name. Paper is very easily compromised. Weak passwords and passphrases are also easily compromised.
I am quite familiar with all these issues, Ray. The scheme is that you write the passphrase on a piece of paper, and put the paper in a vault. This reduces the risk of loss of access, and increases the risk of exposure. In real environments you evaluate both risks. Put it in other terms: you have $1000000000 in untraceable ecash sitting encrypted on your disk. Which is worse: having it stolen, or losing the key that decrypts it? The answer is, they are equally bad. Indeed you can use secret sharing techniques to hide the key -- for $1000000000 I probably would. For all the secrets I currently know, putting the key in a vault is sufficient security. -- Kent Crispin "No reason to get excited", kent@songbird.com the thief he kindly spoke... PGP fingerprint: B1 8B 72 ED 55 21 5E 44 61 F4 58 0F 72 10 65 55 http://songbird.com/kent/pgp_key.html
etc etc etc . . .
For all the secrets I currently know< etc etc etc . . .
I was taught in anarchist primary school that: "Secrecy is a tool of the State". Two daughters of a silk merchant live it Kyoto, The elder is twenty, the younger, eighteen. A soldier may kill with his sword, But these girls slay men with their eyes.
On Fri, Jun 13, 1997 at 01:15:04AM +0000, Peter Nicol - VRL / BroomStick Productions wrote:
etc etc etc . . .
For all the secrets I currently know< etc etc etc . . .
I was taught in anarchist primary school that:
"Secrecy is a tool of the State".
Of course, we are all far past primary school, of whatever stripe, and realize that the world is a complex place that doesn't adhere to any particular ideology.
Two daughters of a silk merchant live in Kyoto, The elder is twenty, the younger, eighteen. A soldier may kill with his sword, But these girls slay men with their eyes.
Basho? -- Kent Crispin "No reason to get excited", kent@songbird.com the thief he kindly spoke... PGP fingerprint: B1 8B 72 ED 55 21 5E 44 61 F4 58 0F 72 10 65 55 http://songbird.com/kent/pgp_key.html
participants (8)
-
Bill Stewart -
dlv@bwalk.dm.com -
ichudov@Algebra.COM -
Kent Crispin -
Peter Nicol - VRL / BroomStick Productions -
Phil Helms -
Ray Arachelian -
Steve Schear