On Wed, 8 Jun 2005, Perry E. Metzger wrote:
Dan Kaminsky <[EMAIL PROTECTED]> writes:
2) The cost in question is so small as to be unmeasurable.
Yes, because key management is easy or free.
In this case it is. As I've said, even having all your tapes for six
months at a time use the same key is better than putting the tapes in
the clear.
If you have no other choice, pick keys for the next five years,
changing every six months, print them on a piece of paper, and put it
in several safe deposit boxes. Hardcode the keys in the backup
scripts. When your building burns to the ground, you can get the tapes
back from Iron Mountain and the keys from the safe deposit box.
[...]
If in-transit attacks are the real problem, just email/fax/phone the key when
you ship the tapes, and have them stick it in the box when it arrives.
-J
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
