1997-01-09 - Key Escrow Good, GAK Bad

Header Data

From: Ken Kirksey <kkirksey@appstate.campus.mci.net>
To: “Cypherpunks” <cypherpunks@toad.com>
Message Hash: 51d290277692bd1f7ac23743155109b379c03a26bb678e10edf5de9011b69ff5
Message ID: <199701092131.QAA00797@aus-c.mp.campus.mci.net>
Reply To: N/A
UTC Datetime: 1997-01-09 21:36:54 UTC
Raw Date: Thu, 9 Jan 1997 13:36:54 -0800 (PST)

Raw message

From: Ken Kirksey <kkirksey@appstate.campus.mci.net>
Date: Thu, 9 Jan 1997 13:36:54 -0800 (PST)
To: "Cypherpunks" <cypherpunks@toad.com>
Subject: Key Escrow Good, GAK Bad
Message-ID: <199701092131.QAA00797@aus-c.mp.campus.mci.net>
MIME-Version: 1.0
Content-Type: text/plain


>  To me, Key Recovery cryptography is like using a condom with a
>hole in it. No thanks.

I agree in principle, and I doubt I would ever use a key recovery system 
if I had a choice.  But, speaking as a network manager, I know that 
private key recovery (not GAK) can be an enhancement to security.  

I'll give an example.  About a year ago, my boss wanted to protect his 
file of annual financial projections for the company from prying eyes on 
our Macintosh network.  I installed CurveEncrypt on his machine, showed 
him how to use it, and gave him the standard lecture on choosing a good 
passphrase.  I stressed that he needed to choose a passphrase easy to 
remember, because if he forgot it, there was no way to get his file back.

Well, he forgot his passphrase.  He spent an hour trying every 
combination he could think of, interjecting a curse here and there for 
color.  He is now totally off using encryption to protect sensitive 
information.  He refuses to use it, and he discourages anyone in the 
office from using it.  I know that his position is unfair, but he _is_ 
the boss, so he makes the rules.  

And he is a typical computer user.  If your average Joe forgets his 
passphrase and loses two days' worth of work, he's not likely to encrypt 
his work again.  (Or he's likely to write down his passphrase in the 
future).  If we were using a Key Escrow system, this situation could have 
been avoided.  Yes, using a key escrow system is less secure than using a 
non-key escrow system, but I'd argue that using a strong key escrow 
system is better than using no encryption at all in situations like this. 
 Our network is less secure than it could be because of one user's bad 
experience.

Ken




