----- Forwarded message from "Jeffrey I. Schiller" <jis@mit.edu> ----- Date: Sat, 7 Sep 2013 10:20:52 -0400 From: "Jeffrey I. Schiller" <jis@mit.edu> To: cryptography@metzdowd.com Subject: [Cryptography] Protecting Private Keys User-Agent: Mutt/1.5.21 (2010-09-15) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 While we worry about symmetric vs. public key ciphers, we should not forget the risk of compromise of our long-term keys. How are they protected? One of the most obvious ways to compromise a cryptographic system is to get the keys. This is a particular risk in TLS/SSL when PFS is not used. Consider a large scale site (read: Google, Facebook, etc.) that uses SSL. The private keys of the relevant certificates needs to be literally on hundreds if not thousands of systems. Chances are they are not encrypted on those systems so those systems can auto-restart without human intervention. Those systems also break periodically. What happens to the broken pieces, say a broken hard drive? If one of these private keys is compromised, all pre-recorded traffic can now be decrypted, as long as PFS was not used (and as we know, it is rarely used). Encrypted email is also at great risk because we have no PFS in any of these systems. Our private keys tend to last a long time (just look at the age of my private key!). If I was the NSA, I would be scavenging broken hardware from “interesting” venues and purchasing computers for sale in interesting locations. I would be particularly interested in stolen computers, as they have likely not been wiped. The bottom line here is that the NSA has upped the game (and probably did so quite a while ago, but we are just learning about it now). This means that commercial organizations that truly want to protect their customers from the NSA, and other national actors whom I am sure are just as skilled and probably more brazen, need to up their game, by a lot! - -Jeff P.S. I am very careful about which devices my private key touches and what happens to it when I am through with it. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iD8DBQFSKzZE8CBzV/QUlSsRAqTsAJ4xJymTj04zCGF7v9OaZ4vJC3WoMgCfU1Qd 960tkxkWdrzz4ymCksyaKog= =0JHf -----END PGP SIGNATURE----- _______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5