Anne & Lynn Wheeler wrote: > is there any more reason to destroy a daily key after it as been used > than before it has been used? <snip precopy attack on store cards> Yeah. tbh for good security, you should move your OTP keys into a secure storage device (asssuming you have one more secure than the cd-r) as soon as possible then destroy the entire disk. I can envisage a tamper-proof storage device that accepts an upload of raw key data, and stores 1gb of it in battery backed dynamic ram, which will blank reasonably effectively if the power is removed. But for most people, I imagine a CD-R is probably much, much easier to arrange physical security for than any other storage they may have access to, and both cheaper and easier to destroy after one use (easiest way to ensure data can't be retrieved) than say a USB storage dongle.
--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]