In this case I definitely prefer my version that requires no activity at all of this kind, unless somebody manages to hack a majority of the servers you hired. None need at all to move something continuously, just wipe enough of your servers so that the threshold can't be reached by the hacker. Then you get new ones. You don't have to worry they have a massive botnet or similiar decrypting it on their side. In your case they need to hack just one computer, in mine that's at least two, or even twenty.
- Sent from my tablet Den 22 sep 2012 14:13 skrev "[email protected]" <[email protected]>: > On Wed, Sep 19, 2012 at 5:33 PM, Tim Dierks <[email protected]> wrote: > > > > If the "trustee" doesn't have access to the "safe" until after you're > > dead, then the encryption is unimportant: just keep your secrets > > in the safe unencrypted. If they can access the encrypted > > message before your dead, they can decrypt it in a few months > > > On Wed, Sep 19, 2012 at 5:08 PM, The Fungi <[email protected]> wrote: > > > > And how does the trustee get access to the encrypted form of the > > secret? If he has a copy of it encrypted with the old key, how do > > you ensure he throws it out when you reencrypt with the new key? If > > he doesn't get access to the encrypted secret until you die, then > > why not simply rely on that access mechanism and forget about > > encrypting it in the first place? > > > These are all good questions and correct because I didn't explain the > scheme well enough. > > The trustee gets access to the encrypted secret as part of the estate. > If anybody, including the trustee, gets access to the encrypted secret > before death, the secret must be made worthless. > > I was assuming the decrypted secret was similar to "locations of his > caches of gold" example from the original posting. When the grantor > detects that somebody may have gained access to the encrypted secret, > they have time to move the caches of gold. After moving the caches, > revealing the old secret no longer has any value. > > Note, the encryption is still important because provides time to the > grantor to move the "caches of gold", thus keeping the valuables from > discovery. To enforce a reasonable amount of time to move the "caches > of gold", the encrypted secret sitting in the grantor's "safe" should > actually be onion-wrapped in weak keys. Just getting access to the > encrypted secret with the now revealed key delivered to the trustee > isn't enough. The onion-wrapping of the secret means one must still > break a number of day-strong keys before gaining access to the > "locations of caches of gold". > > Yes, this scheme is pretty far from a crypto-only solution because it > requires the ability to move the "caches of gold" around in the > physical world - with the possibility of surveillance completely > bypassing the crypto altogether. As, such, it is not very clean and > elegant but it does satisfy the motivating application. > ---- > Michael Heyman > _______________________________________________ > cryptography mailing list > [email protected] > http://lists.randombit.net/mailman/listinfo/cryptography >
_______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
