[17420] in cryptography@c2.net mail archive
Re: encrypted tapes
daemon@ATHENA.MIT.EDU (Jason Holt)
Thu Jun 9 09:36:27 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Thu, 9 Jun 2005 02:11:45 +0000 (UTC)
From: Jason Holt <jason@lunkwill.org>
To: "Perry E. Metzger" <perry@piermont.com>
Cc: cryptography@metzdowd.com
In-Reply-To: <87wtp4fh8z.fsf@snark.piermont.com>
On Wed, 8 Jun 2005, Perry E. Metzger wrote:
> Dan Kaminsky <dan@doxpara.com> writes:
>>> 2) The cost in question is so small as to be unmeasurable.
>>
>> Yes, because key management is easy or free.
>
> In this case it is. As I've said, even having all your tapes for six
> months at a time use the same key is better than putting the tapes in
> the clear.
>
> If you have no other choice, pick keys for the next five years,
> changing every six months, print them on a piece of paper, and put it
> in several safe deposit boxes. Hardcode the keys in the backup
> scripts. When your building burns to the ground, you can get the tapes
> back from Iron Mountain and the keys from the safe deposit box.
[...]
If in-transit attacks are the real problem, just email/fax/phone the key when
you ship the tapes, and have them stick it in the box when it arrives.
-J
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
