One of the usual arguments for key escrow was always "what if your employee dies and you can't get his data?" Secret Sharing techniques are of course a better approach, or at least storing sealed envelopes in company safes as a much better approach than pre-broken crypto. There've been a couple of stories in the press recently where weak passwords also solved the problem. One was a radio piece, I think NPR, about one of the companies in the World Trade Center who'd lost their computer administrators in the 9/11 attacks. The remaining employees got together and started telling stories about their co-workers - their interests, their family members, where they'd gone on vacation, their dogs' names, etc. They got most of the passwords. (It was a piece about modern management styles, and how in older hierarchical companies there'd be fewer people who knew the new employees well enough to do that.) The other was about the loss of the database of the personal library collection of one of the main linguists studying one of the two main Norwegian dialects. It's now been cracked... RISKS-FORUM Digest 22.13 http://catless.ncl.ac.uk/Risks/22.13.html
participants (1)
-
Bill Stewart