On Fri, Sep 13, 2013 at 12:23 PM, Perry E. Metzger <pe...@piermont.com> wrote:

> I strongly suspect that delivering them securely to the vast number
> of endpoints involved and then securing the endpoints as well would
> radically limit the usefulness. Note that it appears that even the
> NSA generally prefers to compromise endpoints rather than attack
> crypto.

Yes, even airgapping keys within an organization scales poorly (I say this
as an employee of a company that has built a high availability encryption
service around HSMs). While USB drives are certainly large enough to store
huge pads, the fact remains that OTP is only better than other systems if
we can keep the keys off the wire. This means that we need a sneakernet to
move keys around.

The payments industry in the US has done this somewhat successfully. They
do things like shipping fragments of the keys through different shipping
companies, having the recipient reassemble them at their end. Even then
it's difficult to know if they've been intercepted: you can encrypt them,
and put the drives in tamper evident bags, but at least the latter can be

Obviously the Public Key Infrastructure scales a lot better than this

Tony Arcieri
The cryptography mailing list
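
The fragment-and-reassemble practice described in the message above, sketched as an added example that is not part of the original email. It assumes XOR splitting (every fragment is required to rebuild the key) and a hypothetical HMAC-based check value sent over a separate channel; all names and the sample key are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def split_key(key, n):
    """Split key into n XOR fragments; any n-1 of them are uniformly random."""
    if n < 2:
        raise ValueError("need at least two fragments")
    frags = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    last = key
    for f in frags:
        last = xor(last, f)
    return frags + [last]

def combine(frags):
    """Rebuild the key by XORing every fragment together."""
    if len({len(f) for f in frags}) != 1:
        raise ValueError("fragments differ in length")
    out = bytes(len(frags[0]))
    for f in frags:
        out = xor(out, f)
    return out

def check_value(key):
    # Assumption: short fingerprint = truncated HMAC-SHA256 over a fixed label.
    return hmac.new(key, b"key-check", hashlib.sha256).hexdigest()[:12]

def receive(frags, expected_cv):
    """Recipient side: reassemble, then compare against the out-of-band check value."""
    key = combine(frags)
    if not hmac.compare_digest(check_value(key), expected_cv):
        raise ValueError("check value mismatch: a fragment was altered or swapped")
    return key

def demo():
    key = secrets.token_bytes(32)          # constructed sample key
    cv = check_value(key)
    frags = split_key(key, 3)              # one fragment per courier
    intact = receive(frags, cv) == key
    # A fragment modified in transit is caught by the check value.
    bad = [frags[0], xor(frags[1], b"\x01" + bytes(31)), frags[2]]
    try:
        receive(bad, cv)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    # A fragment that was only read and copied arrives byte-identical,
    # so the check value passes: interception itself is not detectable here.
    copy_unnoticed = receive(list(frags), cv) == key
    return intact, tamper_detected, copy_unnoticed
```

The check value catches alteration or substitution of a fragment, not copying, which is why the scheme still depends on no single party handling every fragment.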
