[Cryptography] Protecting Private Keys

Eugen Leitl eugen at leitl.org
Sun Sep 8 04:50:46 PDT 2013


----- Forwarded message from "Jeffrey I. Schiller" <jis at mit.edu> -----

Date: Sat, 7 Sep 2013 10:20:52 -0400
From: "Jeffrey I. Schiller" <jis at mit.edu>
To: cryptography at metzdowd.com
Subject: [Cryptography] Protecting Private Keys
User-Agent: Mutt/1.5.21 (2010-09-15)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

While we worry about symmetric vs. public key ciphers, we should not
forget the risk of compromise of our long-term keys. How are they
protected?

One of the most obvious ways to compromise a cryptographic system is
to get the keys. This is a particular risk in TLS/SSL when PFS is not
used. Consider a large scale site (read: Google, Facebook, etc.) that
uses SSL. The private keys of the relevant certificates needs to be
literally on hundreds if not thousands of systems. Chances are they
are not encrypted on those systems so those systems can auto-restart
without human intervention. Those systems also break
periodically. What happens to the broken pieces, say a broken hard
drive?

If one of these private keys is compromised, all pre-recorded traffic
can now be decrypted, as long as PFS was not used (and as we know, it
is rarely used).

Encrypted email is also at great risk because we have no PFS in any of
these systems. Our private keys tend to last a long time (just look at
the age of my private key!).

If I was the NSA, I would be scavenging broken hardware from
“interesting” venues and purchasing computers for sale in interesting
locations. I would be particularly interested in stolen computers, as
they have likely not been wiped.

The bottom line here is that the NSA has upped the game (and probably
did so quite a while ago, but we are just learning about it now). This
means that commercial organizations that truly want to protect their
customers from the NSA, and other national actors whom I am sure are
just as skilled and probably more brazen, need to up their game, by a
lot!

- -Jeff

P.S. I am very careful about which devices my private key touches and
what happens to it when I am through with it.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFSKzZE8CBzV/QUlSsRAqTsAJ4xJymTj04zCGF7v9OaZ4vJC3WoMgCfU1Qd
960tkxkWdrzz4ymCksyaKog=
=0JHf
-----END PGP SIGNATURE-----
_______________________________________________
The cryptography mailing list
cryptography at metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5



More information about the cypherpunks mailing list