If anyone is interested in participating in the design of a system
that could be used for manual key distribution and/or OTP purposes,
email me. I figure we can talk about our special cases off-list, and
maybe submit the final design to the list for people to take their
best crack at it.
--
"Whoso
I have an Executive Machines EPS-1501X cross-cut
shredder (15 sheet, I think) which also shreds CDs.
And it really shreds them, into about 1/4" x 1"
strips. It's no louder than any other home/office
shredder I've used, though it is louder when shredding
CDs.
Jim
--- "Travis H." <[EMAIL PROTECT
Travis H. wrote:
> On 1/28/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>> In our office, we have a shredder that happily
>> takes CDs and is designed to do so. It is noisy
>> and cost >$500.
>
> Here's one for $40, although it doesn't appear to "shred" them so much
> as make them pitted:
>
>
On Feb 1, 2006, at 3:50 AM, Travis H. wrote:
On 1/28/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
In our office, we have a shredder that happily
takes CDs and is designed to do so. It is noisy
and cost >$500.
Here's one for $40, although it doesn't appear to "shred" them so much
as make
On Wed, Feb 01, 2006 at 05:50:24AM -0600, Travis H. wrote:
> On 1/28/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> > In our office, we have a shredder that happily
> > takes CDs and is designed to do so. It is noisy
> > and cost >$500.
>
> Here's one for $40, although it doesn't appear to "s
>> In our office, we have a shredder that happily
>> takes CDs and is designed to do so. It is noisy
>> and cost >$500.
>
>Here's one for $40, although it doesn't appear to "shred" them so much
>as make them pitted:
>
>http://www.thinkgeek.com/gadgets/security/6d7f/
Again -- what is the assuranc
On 1/28/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> In our office, we have a shredder that happily
> takes CDs and is designed to do so. It is noisy
> and cost >$500.
Here's one for $40, although it doesn't appear to "shred" them so much
as make them pitted:
http://www.thinkgeek.com/gadge
John Denker wrote:
> I forgot to mention in my previous message:
>
> It is worth your time to read _Between Silk and Cyanide_.
> That contains an example of somebody who thought really
> hard about what his threat was, and came up with a system
> to deal with the threat ... a system that ran count
John Denker wrote:
> It is worth your time to read _Between Silk and Cyanide_.
> That contains an example of somebody who thought really
> hard about what his threat was, and came up with a system
> to deal with the threat ... a system that ran counter to
> the previous conventional wisdom. It inv
[CD destruction]
| You missed the old standby - the microwave oven.
|
| The disk remains physically intact (at least after the
| 5 seconds or so I've tried), but a great deal of pretty
| arcing occurs in the conductive data layer. Where the
| arcs travel, the data layer is vapourized.
|
| The e
I forgot to mention in my previous message:
It is worth your time to read _Between Silk and Cyanide_.
That contains an example of somebody who thought really
hard about what his threat was, and came up with a system
to deal with the threat ... a system that ran counter to
the previous conventiona
In our office, we have a shredder that happily
takes CDs and is designed to do so. It is noisy
and cost >$500.
--dan
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
John Denker wrote:
> -- The best way to _protect_ a key after it has been used is to destroy
> it.
>
> -- For keys that have yet been used, a sufficient scheme (not the only
> scheme) for many purposes is to package the keys in a way that is
> tamper-resistant and verrry tamper-evident.
p
John Denker wrote:
> That indicates a gross lack of tamper-evident packaging, as discussed
> above. The store should never have activated a card that came from a
> package that had been tampered with.
if you have seen many of the gift cards in racks at grocery stores ...
they can be skimmed w/o a
Peter Gutmann wrote:
> Jonathan Thornburg <[EMAIL PROTECTED]> writes:
>
>> Melting the CD should work... but in practice that takes a specialized "oven"
>> (I seriously doubt my home oven gets hot enough), and is likely to produce
>> toxic fumes, and leave behind a sticky mess (stuck to the surfa
Anne & Lynn Wheeler wrote:
is there any more reason to destroy a daily key after it has been used
than before it has been used?
That's quite an amusing turn of phrase. There are two ways to
interpret it:
*) If taken literally, the idea of destroying a key _before_ it is
used is truly an inge
Eugen Leitl wrote:
> Sudden thermal stress (liquid nitrogen, etc) might be good enough to
> delaminate, leaving clear disks behind.
Not sure what the data surface is made from but - surely a suitable organic
solvent could remove the "paint" into suspension leaving a clear plastic disc
and no trace
Peter Gutmann wrote:
> For no adequately explored reason I've tried various ways of physically
> destroying CDs:
>
> - Hammer on hard surface: Leaves lots of little fragments, generally still
> stuck
> together by the protective coating.
>
> - Roasting over an open fire: Produces a Salvador Da
Anne & Lynn Wheeler wrote:
> is there any more reason to destroy a daily key after it has been used
> than before it has been used?
Yeah. tbh for good security, you should move your OTP keys into a secure
storage device (assuming you have one more secure than the cd-r) as soon as
possible then d
How high-assurance are these CD destruction methods? I don't recall
seeing any articles on CD data recovery under normal conditions, let
alone these. As always, it depends on your threat model. (Aside: to
me, the only reason for using one-time pads is because you don't trust
conventional enc
2006 2:25 AM
To: cryptography@metzdowd.com; [EMAIL PROTECTED]
Subject: Re: thoughts on one time pads
Jonathan Thornburg <[EMAIL PROTECTED]> writes:
>Melting the CD should work... but in practice that takes a specialized
"oven"
>(I seriously doubt my home oven gets hot enough), a
John Denker wrote:
> Dave Howe wrote:
>
>> Hmm. can you selectively blank areas of CD-RW?
>
>
> Sure, you can. It isn't so much different from rewriting any
> other type of disk.
Yeah, I know. just unsure how effective blanking is on cd-rw for (say) a pattern
that has been in residence for t
> There are various versions of getting rid of a disk file.
> 2) Zeroizing the blocks in place (followed by deletion). This
>is vastly better, but still not entirely secure, because there
>are typically stray remnants of the pattern sitting "beside"
>the nominal track, and a sufficie
Jonathan Thornburg <[EMAIL PROTECTED]> writes:
>Melting the CD should work... but in practice that takes a specialized "oven"
>(I seriously doubt my home oven gets hot enough), and is likely to produce
>toxic fumes, and leave behind a sticky mess (stuck to the surface of the
>specialized oven).
F
John Denker wrote:
> One drawback with this is that you have to destroy a whole
> disk at a time. That's a problem, because if you have a
> whole disk full of daily keys, you want to destroy each
> day's key as soon as you are through using it. There
> are ways around this, such as read
On Thu, 26 Jan 2006, Adam Fields wrote:
>On Thu, Jan 26, 2006 at 06:09:52PM -0800, bear wrote:
>[...]
>> Of course, the obvious application for this OTP material,
>> other than text messaging itself, is to use it for key
>> distribution.
>
>Perhaps I missed something, but my impression was that
Dave Howe wrote:
Hmm. can you selectively blank areas of CD-RW?
Sure, you can. It isn't so much different from rewriting any
other type of disk.
There are various versions of getting rid of a disk file.
1) Deletion: Throwing away the pointer and putting the blocks back
on the free lis
Jonathan Thornburg wrote:
> 1. How to insure physical security for the N years between when you
> exchange CDs and the use of a given chunk of keying material? The
> "single CD" system is "brittle" -- a single black-bag burglary to
> copy the CD, and poof, the adversary has all your keys for the n
> I think that's because you missed the point. You're confusing manual
> key distribution (which makes sense in some cases, but is unworkable
> in others) with using a one-time pad (a specific method of encrypting
> information that uses up key material very fast but has a security
> proof).
Actu
>From: "Travis H." <[EMAIL PROTECTED]>
>Sent: Jan 26, 2006 6:30 AM
>To: cryptography@metzdowd.com
>Subject: thoughts on one time pads
...
>In this article, Bruce Schneier argues against the practicality of a
>one-time pad:
>
>http://www.schneier.com/cryp
Two other problems with using a CD for OTP key material:
1. How to insure physical security for the N years between when you
exchange CDs and the use of a given chunk of keying material? The
"single CD" system is "brittle" -- a single black-bag burglary to
copy the CD, and poof, the adversary ha
On Thu, Jan 26, 2006 at 06:09:52PM -0800, bear wrote:
[...]
> Of course, the obvious application for this OTP material,
> other than text messaging itself, is to use it for key
> distribution.
Perhaps I missed something, but my impression was that the original
post asked about how a CD full of ran
On Thu, 26 Jan 2006, Travis H. wrote:
> For example, you may have occasional physical meetings with a good
> friend, colleague, family member, or former co-worker. Let's say
> you see them once every few years, maybe at a conference or a
> wedding or a funeral or some other occasion. At such t
On Thu, 26 Jan 2006, Travis H. wrote:
> All I've got to say is, I'm on this like stink on doo-doo. Being the
> thorough, methodical, paranoid person I am, I will be grateful for any
> pointers to prior work and thinking in this area.
You may wish to look at:
Ueli M . Maurer: Conditionally-Perf
On Thu, Jan 26, 2006 at 05:30:36AM -0600, Travis H. wrote:
[...]
> Excuse me? This would in fact be a _perfect_ way to distribute key
> material for _other_ cryptosystems, such as PGP, SSH, IPSec, openvpn,
> gaim-encryption etc. etc. You see, he's right in that the key
> distribution problem is
Travis H. wrote:
In this article, Bruce Schneier argues against the practicality of a
one-time pad:
http://www.schneier.com/crypto-gram-0210.html#7
I take issue with some of the assumptions raised there.
[...] Then a $1
CD-ROM would hold enough data for 7 years of communication! [...]
In this article, Bruce Schneier argues against the practicality of a
one-time pad:
http://www.schneier.com/crypto-gram-0210.html#7
I take issue with some of the assumptions raised there.
For example, you may have occasional physical meetings with a good
friend, colleague, family member, or forme
37 matches