Key backup (was: How do I know . ..)
-----BEGIN PGP SIGNED MESSAGE----- 'Stig' was reported to have written:
Eric Hughes wrote:
pointer-to-chunk to each of 7 different people. In the case of catastrophe, you can recover your key.
I'll second Eric on the utility of this practice. I should've done this... I lost a new pgp key when my hard disk hit the fan last month. I can't even revoke it...
The "spread spectrum" approach might well be indicated for some life-or- death key security matters, but the vast majority of PGP users probably don't need or want to play Spy vs. Spy with their friends to backup keys. There must be a more reasonable way to backup non-critical keys. Magnetic media is much more reliable than it used to be, and less reliable than it will soon be, but it's still vulnerable to phenomena such as EMP. Friends are vulnerable to death and disagreements which may end their willingness to participate in the reconstruction of your key. I recognize that you can't just leave your private keyring lying around indiscriminately (especially if it's labeled "PGP private keyring"), but what's to prevent it from being reproduced in some kind of hard copy form (barcode? ASCII?) on some durable stock (credit card plastic?) and tucked away someplace especially safe? A credit card (postage stamp?) sized flat item is pretty easy to hide, especially if it's real function isn't obvious. I guarantee you that I can hide such an object in my home, tell you it's here somewhere, and watch you die of old age before you and a small armada of your henchmen can find it. If it's still "passphrase-protected", an attacker would a) have to know what to look for, b) have to find it, and c) obtain the passphrase. A "brute force" physical attack (ie: machine seizure and thumbscrews) or TEMPEST-based attack would, IMO, be less effort on the part of the attacker and is therefore the practical limit on private keyring security. Explanations as to why this would be a Bad Idea are actively solicited. =D.C. Williams <dcwill@ee.unr.edu> - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLxyupioZzwIn1bdtAQErMgGAnlr/g/eLesvcCh9IdXy7RzH2vkKbC/x7 pbm/OA+W7z15ix0PzHOZ/vwpg9X5JBku =TRHd -----END PGP SIGNATURE-----
From: "Dr. D.C. Williams" <dcwill@ee.unr.edu> The "spread spectrum" approach might well be indicated for some life-or- death key security matters, but the vast majority of PGP users probably don't need or want to play Spy vs. Spy with their friends to backup keys. You use your friends now because off-site storage facilities are not yet available. The software for distributed remote backup has yet to make this operation transparent. I recognize that you can't just leave your private keyring lying around [physical storage mentioned] I suspect that most private keys in the future will be held in PCMCIA cards (initially) and then their smaller replacements. Backing up a private key to these allows use of a safe deposit box. If it's still "passphrase-protected", an attacker would a) have to know what to look for For scalability, most people will use some standard method, whatever it is. This limits the search space of an opponent. Eric
participants (2)
-
Dr. D.C. Williams -
eric@remailer.net