On 6/8/05, [EMAIL PROTECTED] (Perry E. Metzger) wrote: -+------------------------------------------------------ | If you have no other choice, pick keys for the next five years, | changing every six months, print them on a piece of paper, and put it | in several safe deposit boxes. Hardcode the keys in the backup | scripts. When your building burns to the ground, you can get the tapes | back from Iron Mountain and the keys from the safe deposit box. |
Assuming I even understand the problem, this is, in fact, one of the wonderful uses of split-key (threshold) crypto; including scale-down to the individual desktop. split K as 2-of-3 quorum (1) smartcard (2) laptop (3) corp server encrypt disk using K (or another key protected by K, of course) situations handled (a) Dan offline inside Faraday cage, use frags 1,2 to do work (b) fire Dan / confiscate laptop, use frags 2,3 to read disk (c) Dan leaves laptop in cab, use frags 1,3 to recover from backup We can (for backup tapes) make 2-of-N splits. This would allow each tape of a multi-volume tape set to be "partially" encrypted in a different fragment which nevertheless could have its encryption "completed" by the common fragment held centrally thus making each tape a different cryptanalysis problem for the attacker but without the apparent key management overhead for the good guys. As one fragment of a quorum can be set in advance, that fragment could be common to several otherwise non-communicating sets of tapes and thus be the one retained in that central, good-guy location. And so forth. Disclaimer: I am a good enough mathematician to know how bad a mathematician I really am so, in the usual Internet practice, a flood corrections/denunciations will doubtless now commence. --dan ref: Geer DE & Yung M : Threshold Cryptography for the Masses, Proceedings, Sixth International Financial Cryptography Conference, Southampton, Bermuda, 11-14 March 2002. http://geer.tinho.net/geer.yung.PDF --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]