1995-01-18 - Re: Key backup (was: How do I know . ..)

Header Data

From: Adam Shostack <adam@bwh.harvard.edu>
To: dcwill@ee.unr.edu (Dr. D.C. Williams)
Message Hash: 74c278c30bacdb86305f3c9d829a659454728a6add9f87f09a1b362bb11c4ea9
Message ID: <199501182200.RAA08888@freud.bwh.harvard.edu>
Reply To: <199501181754.MAA24686@bb.hks.net>
UTC Datetime: 1995-01-18 22:01:12 UTC
Raw Date: Wed, 18 Jan 95 14:01:12 PST

Raw message

From: Adam Shostack <adam@bwh.harvard.edu>
Date: Wed, 18 Jan 95 14:01:12 PST
To: dcwill@ee.unr.edu (Dr. D.C. Williams)
Subject: Re: Key backup (was: How do I know . ..)
In-Reply-To: <199501181754.MAA24686@bb.hks.net>
Message-ID: <199501182200.RAA08888@freud.bwh.harvard.edu>
MIME-Version: 1.0
Content-Type: text/plain


D.C. Williams wrote:

| With barcoding as the standard, another person prints his key on a small
| unmarked card and hides it somewhere deemed to be secure by him. The
| UPC-label attack fails because his keyring isn't disguised as UPC product
| labels. How does the attacker know what to look for?
| 
| True Paranoids could devise some sort of "invisible ink" method,
| requiring UV or heat exposure before the barcode becomes visible.
| Now your backup key looks like a blank sheet of paper. ;-)

	Picking a few nits:

	Putting the UPC's on things other than cards (such as books)
makes it easier to hide in the open.  `UPC' stickers on, say, a few
books are easier to miss than UPC stickers on index cards.

	Invisible ink draws attention to the correct UPC's once they
know you're using it.  See Kahn for a discussion of secret inks being
developed during the second world war.  If you want to hide bits, they
should be stripped of low entropy parts and hidden with a stego
program.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
						       -Hume
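
The point about stripping low-entropy parts before hiding bits, as an added example that is not part of the original message: a text envelope with fixed marker lines and a restricted alphabet is both searchable and statistically distinct, while the decoded payload is not. The `SAMPLE BLOCK` envelope, the function names and the SHA-256-derived stand-in for key material are all constructed for this illustration.

```python
import base64
import hashlib
import math
from collections import Counter

def entropy_bits_per_byte(data: bytes) -> float:
    """Shannon entropy of the byte histogram, from 0.0 to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def constructed_secret(n: int = 512) -> bytes:
    """Deterministic stand-in for key material (constructed, not a real key)."""
    out, i = b"", 0
    while len(out) < n:
        out += hashlib.sha256(b"constructed-sample-%d" % i).digest()
        i += 1
    return out[:n]

def armor(payload: bytes) -> str:
    """Wrap payload in a constructed envelope: marker lines, a header, base64 body."""
    b64 = base64.b64encode(payload).decode("ascii")
    body = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    head = ["-----BEGIN SAMPLE BLOCK-----", "Version: sample 0.0", ""]
    return "\n".join(head + body + ["-----END SAMPLE BLOCK-----"]) + "\n"

def strip_low_entropy(text: str) -> bytes:
    """Drop marker lines, header lines and the base64 layer; return raw bytes."""
    body, in_body = [], False
    for line in text.splitlines():
        if line.startswith("-----BEGIN "):
            continue
        if line.startswith("-----END "):
            break
        if not in_body:
            # Header lines run until the first blank line.
            in_body = line.strip() == ""
            continue
        body.append(line.strip())
    return base64.b64decode("".join(body), validate=True)

def compare() -> tuple:
    """Return (entropy of the armored text, entropy of the stripped payload)."""
    text = armor(constructed_secret())
    stripped = strip_low_entropy(text)
    return entropy_bits_per_byte(text.encode("ascii")), entropy_bits_per_byte(stripped)

if __name__ == "__main__":
    print("armored %.2f bits/byte, stripped %.2f bits/byte" % compare())
```

Only the stripped bytes would be handed to a stego program; the envelope can be rebuilt from them on recovery.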