Re: What will happen to your crypto keys when you die?
On Thu, Jul 02, 2009 at 09:29:30AM +1000, silky wrote: A potentially amusing/silly solution would be to have one strong key that you change monthly, and then, encrypt *that* key, with a method that will be brute-forceable in 2 months and make it public. As long as you are constantly changing your key, no-one will decrypt it in time, but assuming you do die, they can potentially decrypt it while arranging your funeral :) This method would not work terribly well for data at rest. Copy the ciphertext, start the brute force process, and two months later you get out everything, regardless of the fact that in the meantime the data was reencrypted. -Jack - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
Re: What will happen to your crypto keys when you die?
On Jul 1, 2009, at 4:29 PM, silky wrote: On Wed, Jul 1, 2009 at 6:48 PM, Udhay Shankar Nud...@pobox.com wrote: Udhay Shankar N wrote, [on 5/29/2009 9:02 AM]: Fascinating discussion at boing boing that will probably be of interest to this list. http://www.boingboing.net/2009/05/27/what-will-happen-to.html Followup article by Cory Doctorow: http://www.guardian.co.uk/technology/2009/jun/30/data-protection-internet A potentially amusing/silly solution would be to have one strong key that you change monthly, and then, encrypt *that* key, with a method that will be brute-forceable in 2 months and make it public. As long as you are constantly changing your key, no-one will decrypt it in time, but assuming you do die, they can potentially decrypt it while arranging your funeral :) I'll point out that PGP has had key splitting for ages now. You can today make a strong public key and split it into N shares, of which two or three shares are needed to reconstitute the key, and hand those out to trusted loved ones. You can then use that public key for files, virtual disks, whole disk volumes -- anywhere you could use an RSA or Elgamal key -- and be assured that your data is safe in the absence of a conspiracy of those loved ones. It's there now, and has been there for a decade. Jon - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
Re: MD6 withdrawn from SHA-3 competition
-- Sent: Wednesday, July 01, 2009 4:05 PM Subject: MD6 withdrawn from SHA-3 competition Also from Bruce Schneier, a report that MD6 was withdrawn from the SHA-3 competition because of performance considerations. I find this disappointing. With the rate of destruction of primitives in any such competition I would've liked to see them let it stay until it is either broken or at least until the second round. A quick glance at the SHA-3 zoo and you won't see much left with no attacks. It would be different if it was yet another M-D, using AES as a foundation, blah, blah, blah, but MD6 is a truly unique and interesting design. I hope the report is wrong, and in keeping that hope alive, the MD6 page has no statement about the withdrawl. Joe - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
Fluff Article from the WSJournal -- Deciphering a Message to Thomas Jefferson
http://online.wsj.com/article/SB124648494429082661.html#mod=WSJ_myyahoo_module - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com