From: "Dr. D.C. Williams" <dcwill@ee.unr.edu>
Date: Tue, 17 Jan 95 21:56:41 PST
To: cypherpunks@toad.com
Subject: Key backup (was: How do I know . ..)
Message-ID: <199501180601.BAA16566@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

'Stig' was reported to have written:

> Eric Hughes wrote:
> > 
> > pointer-to-chunk to each of 7 different people.  In the case of
> > catastrophe, you can recover your key.
> > 

> I'll second Eric on the utility of this practice.  I should've done this...
> I lost a new pgp key when my hard disk hit the fan last month.  I can't even
> revoke it...  

The "spread spectrum" approach might well be indicated for some life-or-
death key security matters, but the vast majority of PGP users probably
don't need or want to play Spy vs. Spy with their friends to backup keys.
There must be a more reasonable way to backup non-critical keys. Magnetic
media is much more reliable than it used to be, and less reliable than it
will soon be, but it's still vulnerable to phenomena such as EMP. Friends
are vulnerable to death and disagreements which may end their willingness
to participate in the reconstruction of your key.

I recognize that you can't just leave your private keyring lying around
indiscriminately (especially if it's labeled "PGP private keyring"), but
what's to prevent it from being reproduced in some kind of hard copy form
(barcode? ASCII?) on some durable stock (credit card plastic?) and tucked
away someplace especially safe? A credit card (postage stamp?) sized flat
item is pretty easy to hide, especially if it's real function isn't obvious.
I guarantee you that I can hide such an object in my home, tell you it's
here somewhere, and watch you die of old age before you and a small armada
of your henchmen can find it.

If it's still "passphrase-protected", an attacker would a) have to know
what to look for, b) have to find it, and c) obtain the passphrase. A
"brute force" physical attack (ie: machine seizure and thumbscrews) or
TEMPEST-based attack would, IMO, be less effort on the part of the
attacker and is therefore the practical limit on private keyring security.

Explanations as to why this would be a Bad Idea are actively solicited.


=D.C. Williams	<dcwill@ee.unr.edu>

- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBLxyupioZzwIn1bdtAQErMgGAnlr/g/eLesvcCh9IdXy7RzH2vkKbC/x7
pbm/OA+W7z15ix0PzHOZ/vwpg9X5JBku
=TRHd
-----END PGP SIGNATURE-----