1997-01-09 - Re: Key Escrow Good, GAK Bad

Header Data

From: Eric Murray <ericm@lne.com>
To: kkirksey@appstate.campus.mci.net (Ken Kirksey)
Message Hash: d958521dcff2e2534da26a57f0151415d48a19066c4b745ef3ccc09321eb90e5
Message ID: <199701092357.PAA23840@slack.lne.com>
Reply To: <199701092131.QAA00797@aus-c.mp.campus.mci.net>
UTC Datetime: 1997-01-09 23:58:31 UTC
Raw Date: Thu, 9 Jan 1997 15:58:31 -0800 (PST)

Raw message

From: Eric Murray <ericm@lne.com>
Date: Thu, 9 Jan 1997 15:58:31 -0800 (PST)
To: kkirksey@appstate.campus.mci.net (Ken Kirksey)
Subject: Re: Key Escrow Good, GAK Bad
In-Reply-To: <199701092131.QAA00797@aus-c.mp.campus.mci.net>
Message-ID: <199701092357.PAA23840@slack.lne.com>
MIME-Version: 1.0
Content-Type: text/plain


Ken Kirksey writes:
> 
> >  To me, Key Recovery cryptography is like using a condom with a
> >hole in it. No thanks.
> 
> I agree in principle, and I doubt I would ever use a key recovery system 
> if I had a choice.  But, speaking as a network manager, I know that 
> private key recovery (not GAK) can be an enhancement to security.  
> 
> I'll give an example.  About a year ago, my boss wanted to protect his 
> file of annual financial projections for the company from prying eyes on 
> our Macintosh network.  I installed CurveEncrypt on his machine, showed 
> him how to use it, and gave him the standard lecture on choosing a good 
> passphrase.  I stressed that he needed to choose a passphrase easy to 
> remember, because if he forgot it, there was no way to get his file back.
> 
> Well, he forgot his passphrase.  He spent an hour trying every 
> combination he could think of, interjecting a curse here and there for 
> color.  He is now totally off using encryption to protect sensitive 
> information.

User education would be even easier than key escrow.  Your boss could
have shared that passphrase with one or more other people, ideally the
people who helped him make the report.  When you encrypt something
that's vital to the company, you need to make sure that it can be
gotten back.  In most companies, there's more than one person who
is 'cleared' for even the more vital information.  The keys to
those files should be shared amongst those people.

Unfortunately, few encryption programs make this easy.  And even though
you can do it in PGP by encrypting to multiple recipients, how many
people think to do so?  I don't.  Most programs assume that there's one
key that's used to encrypt everything, hence one level of security-
the highest.  But in a business situation you really need to be able to
encrypt something with your key and your secretary's key, or the keys of
all the board members, etc.



-- 
Eric Murray  ericm@lne.com  ericm@motorcycle.com  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF
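
The multiple-recipient encryption mentioned in the message above, as an added sketch that is not part of the original post and is not PGP's code or file format: one random session key encrypts the file once, and that key is wrapped separately under each cleared person's public key, so a single lost key does not lose the file. It assumes the third-party Python `cryptography` package (RSA-OAEP and AES-GCM are chosen here for illustration); the names `encrypt_to`, `decrypt_as`, `demo` and the sample data are constructed.

```python
import os
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)
SAMPLE = b"annual financial projections (constructed sample)"

def encrypt_to(recipients, plaintext):
    """recipients: {name: RSA public key}. Any one of them can open the result."""
    session_key = AESGCM.generate_key(bit_length=256)  # one key for the file body
    nonce = os.urandom(12)
    return {
        "nonce": nonce,
        "body": AESGCM(session_key).encrypt(nonce, plaintext, None),
        # The body is stored once; only the 32-byte session key is
        # duplicated, wrapped under each recipient's public key.
        "wrapped": {name: pub.encrypt(session_key, OAEP)
                    for name, pub in recipients.items()},
    }

def decrypt_as(name, private_key, envelope):
    """Unwrap the session key from this recipient's slot, then open the body."""
    if name not in envelope["wrapped"]:
        raise PermissionError(f"{name} is not a recipient of this file")
    session_key = private_key.decrypt(envelope["wrapped"][name], OAEP)
    return AESGCM(session_key).decrypt(envelope["nonce"], envelope["body"], None)

def demo():
    # Constructed scenario: three key holders, two of them cleared for the file.
    keys = {n: rsa.generate_private_key(public_exponent=65537, key_size=2048)
            for n in ("boss", "controller", "intern")}
    cleared = {n: keys[n].public_key() for n in ("boss", "controller")}
    envelope = encrypt_to(cleared, SAMPLE)
    results = {}
    for name, key in keys.items():
        try:
            results[name] = decrypt_as(name, key, envelope)
        except PermissionError:
            results[name] = None  # holds no slot, so never sees the session key
    try:  # a key that matches no slot cannot unwrap someone else's copy
        decrypt_as("boss", keys["intern"], envelope)
        results["wrong_key_rejected"] = False
    except ValueError:
        results["wrong_key_rejected"] = True
    return results

if __name__ == "__main__":
    print(demo())
```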




