From: eric@remailer.net (Eric Hughes)
Date: Wed, 18 Jan 95 08:13:26 PST
To: cypherpunks@toad.com
Subject: Re: Key backup (was: How do I know . ..)
In-Reply-To: <199501180601.BAA16566@bb.hks.net>
Message-ID: <199501181613.IAA08209@largo.remailer.net>
MIME-Version: 1.0
Content-Type: text/plain


   From: "Dr. D.C. Williams" <dcwill@ee.unr.edu>

   The "spread spectrum" approach might well be indicated for some life-or-
   death key security matters, but the vast majority of PGP users probably
   don't need or want to play Spy vs. Spy with their friends to backup keys.

You use your friends now because off-site storage facilities are not
yet available.  The software for distributed remote backup has yet to
make this operation transparent.

   I recognize that you can't just leave your private keyring lying around
   [physical storage mentioned]

I suspect that most private keys in the future will be held in PCMCIA
cards (initially) and then their smaller replacements.  Backing up a
private key to these allows use of a safe deposit box.

   If it's still "passphrase-protected", an attacker would a) have to know
   what to look for

For scalability, most people will use some standard method, whatever
it is.  This limits the search space of an opponent.

Eric