On 09/24/12 19:18, Andy Lutomirski wrote: > On Mon, Sep 24, 2012 at 7:07 PM, Colin Percival <cperc...@tarsnap.com> wrote: >> This is why I made Tarsnap keys printable -- of course, printers bring >> some security concerns and paper has its own durability issues too. > > You mean you don't keep a stash of university library-approved > archival paper around? :)
Nope. Although even cheap paper will probably last a few decades... unless it gets too wet or too hot. > The idea was to prevent people from doing silly things. The key > should be high-entropy -- otherwise, people are vulnerable to offline > (by you) or online (by anyone) dictionary attacks. Right. That said, scrypt (used for key derivation in passphrased key files) is powerful enough that you need to be using an *abysmally* poor password for it to be easily cracked. > The main point > would be to reduce the amount of typing I'd need to do to recover my > key from ~5k keystrokes to ~32 keystrokes (fewer if base64). Oh, I was assuming that anyone who printed their key file would OCR it if they needed to read it back in. -- Colin Percival Security Officer Emeritus, FreeBSD | The power to serve Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid