[19798] in cryptography@c2.net mail archive
Re: thoughts on one time pads
daemon@ATHENA.MIT.EDU (Dave Howe)
Tue Jan 31 11:07:55 2006
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Sat, 28 Jan 2006 17:38:31 +0000
From: Dave Howe <DaveHowe@gmx.co.uk>
To: cryptography@metzdowd.com
In-Reply-To: <43DA8C7F.8060109@garlic.com>
Anne & Lynn Wheeler wrote:
> is there any more reason to destroy a daily key after it as been used
> than before it has been used?
<snip precopy attack on store cards>
Yeah. tbh for good security, you should move your OTP keys into a secure
storage device (asssuming you have one more secure than the cd-r) as soon as
possible then destroy the entire disk. I can envisage a tamper-proof storage
device that accepts an upload of raw key data, and stores 1gb of it in battery
backed dynamic ram, which will blank reasonably effectively if the power is removed.
But for most people, I imagine a CD-R is probably much, much easier to arrange
physical security for than any other storage they may have access to, and both
cheaper and easier to destroy after one use (easiest way to ensure data can't be
retrieved) than say a USB storage dongle.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
