[17421] in cryptography@c2.net mail archive
Re: encrypted tapes
daemon@ATHENA.MIT.EDU (Bill Frantz)
Thu Jun 9 09:37:27 2005
X-Original-To: cryptography@metzdowd.com
Date: Wed, 8 Jun 2005 19:15:52 -0700
From: Bill Frantz <frantz@pwpconsult.com>
To: cryptography@metzdowd.com
In-Reply-To: <87wtp4fh8z.fsf@snark.piermont.com>
On 6/8/05, perry@piermont.com (Perry E. Metzger) wrote:
>If you have no other choice, pick keys for the next five years,
>changing every six months, print them on a piece of paper, and put it
>in several safe deposit boxes. Hardcode the keys in the backup
>scripts. When your building burns to the ground, you can get the tapes
>back from Iron Mountain and the keys from the safe deposit box.
I think I would be tempted to keep a private key in those safe deposit boxes, and when writing the backup tape, pick a "random" (as best you can with the hardware and software available) session key, encrypt it using the public key, hard coded in the backup procedure, and write the encrypted result as the first part of the backup. This procedure allows you to keep your secrets hidden away, at least until you need to use one of the tapes.
Cheers - Bill
IP note: This technique is so obvious to any practitioner skilled in the art as to be non-patentable (except in the USA, where obviousness is no barrier). In any case I put it into the public domain.
-----------------------------------------------------------------------
Bill Frantz | gets() remains as a monument | Periwinkle
(408)356-8506 | to C's continuing support of | 16345 Englewood Ave
www.pwpconsult.com | buffer overruns. | Los Gatos, CA 95032
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
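
The scheme described in the message above, sketched in Go as an added example that is not part of the original post or any poster's code. The choice of RSA-OAEP and AES-256-GCM, the tape layout and all function names are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

const keyLen, nonceLen = 32, 12 // AES-256 session key, GCM nonce

// gcmFor returns AES-GCM; it cannot fail for the keyLen-byte keys every caller passes.
func gcmFor(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// NewVaultKey makes the key pair; the private half goes to the safe deposit box.
func NewVaultKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// SealTape needs only the public key, the part hard coded in the backup job.
// Assumed layout: RSA-OAEP(session key) | nonce | AES-GCM ciphertext and tag.
func SealTape(pub *rsa.PublicKey, data []byte) ([]byte, error) {
	buf := make([]byte, keyLen+nonceLen) // fresh per tape
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	key, nonce := buf[:keyLen], buf[keyLen:]
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return nil, err
	}
	return gcmFor(key).Seal(append(wrapped, nonce...), nonce, data, nil), nil
}

// OpenTape needs the private key kept in the safe deposit box.
func OpenTape(priv *rsa.PrivateKey, tape []byte) ([]byte, error) {
	n := priv.Size() // the wrapped session key is exactly one RSA block
	if len(tape) < n+nonceLen {
		return nil, errors.New("truncated tape header")
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, tape[:n], nil)
	if err != nil || len(key) != keyLen {
		return nil, errors.New("cannot unwrap session key")
	}
	return gcmFor(key).Open(nil, tape[n:n+nonceLen], tape[n+nonceLen:], nil)
}
```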