Slashdot Mirror


Privacy With a 4096 Bit RSA Key — Offline, On Paper

HavanaF writes "Online backup is practical, but can it offer any privacy? The Dutch security company Safeberg developed an Offline Private Key Protocol, with an asymmetric key scheme. The protocol demands that the private (decryption) key be stored away from the 'source' computer, which presumably is 'too vulnerable.' The catch is that the private key needs to be fairly large to be secure: a 4,096-bit RSA key should suffice for some years. But how to store an 800-character key offline? Safeberg introduces a machine readable paper key, with the 4k-bit key crammed in a giant 2D Datamatrix barcode. This video on key strength tells the story."

232 comments

  1. What Happens When ... by WrongSizeGlass · · Score: 4, Funny

    ... you fold the paper your 2D key is on? Tears, that's what. Tears.

    1. Re:What Happens When ... by MozeeToby · · Score: 1

      It looks like the key is printed out in Hex at the bottom as well as the QR barcode.

    2. Re:What Happens When ... by fructose · · Score: 1

      Why would you fold it? Put it in your filing cabinet and maybe put a copy in a firesafe. Plus, one fold isn't going to tear a paper. I've got lots of papers that are folded that aren't torn. Sure some copies will tear, but some passwords get forgotten too. It's not a perfect solution, but it is another option for those who want a fairly high level of security.

    3. Re:What Happens When ... by Sponge+Bath · · Score: 2, Funny

      Unfold it? Just be sure not to wipe your ass with it.

    4. Re:What Happens When ... by WrongSizeGlass · · Score: 1

      Why would you fold it?

      To keep it in my pocket just in case I ever needed it. Sheesh.

    5. Re:What Happens When ... by zippthorne · · Score: 2, Insightful

      Which brings to mind an important question: Why not just have the machine read the hex?

      --
      Can you be Even More Awesome?!
    6. Re:What Happens When ... by Anonymous Coward · · Score: 0

      The pixels of the 2D code are 2mm by 2mm (0.08 inch x 0.08 inch) and there is about two-fold redundancy in the encoding. Reconstructing should be possible even when there are destructive creases.

    7. Re:What Happens When ... by RobVB · · Score: 2, Insightful

      The company could store a last-resort backup at a different facility, and allow you access after checking a bunch of biometrics.

      --
      I'd rather you rationally disagree than irrationally agree.
    8. Re:What Happens When ... by wiredlogic · · Score: 2, Informative

      All matrix codes have enough redundancy to allow successful decoding when the image is partially damaged. Some have so much redundancy that you can tear them in half and still recover the contents.

      --
      I am becoming gerund, destroyer of verbs.
    9. Re:What Happens When ... by treeves · · Score: 1

      He didn't mean tearing of the paper. He meant that he'd cry. Tears.

      --
      ...the future crusty old bastards are already drinking the Kool-Aid.
    10. Re:What Happens When ... by owlstead · · Score: 1

      Because 2D barcodes are much easier to read reliably. No need for special OCR. The hex key is presumably for human input, although I don't see any reason why you would not try and read it with a machine, if you really must.

    11. Re:What Happens When ... by mpapet · · Score: 5, Informative

      Bar codes printed on media of all kinds are generally quite robust and not error prone. The printing device does not need to be special in any way. The reader does not need to be special in any way. Print the key on acid-free paper using a laser printer and store it for a looong time. I'll leave it up to the slashdot tifosi to declare how long it would last in a bank vault.

      Some nice ways to encode keys and store it as a symbol on paper here: http://www.adams1.com/stack.html

      Symbology is very non-sexy knowledge, but valuable in logistics.

      --
      http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
    12. Re:What Happens When ... by dgatwood · · Score: 5, Informative

      Reading numbers is more error prone. With the bar code, there are presumably lots of check digits and other such loveliness encoded into it.

      As for folding it, what happens? Probably nothing. There are usually CRCs (or similar) and lots of other stuff in those 2D bar codes. This particular scheme, Data Matrix, is apparently highly redundant, allowing full recovery of the data even if (up to) 30% of the bar code is destroyed.

      http://www.tlashford.com/TLA/pages/Basic_sym/Symbol_overview.htm#DATAMATRIX
      http://en.wikipedia.org/wiki/Data_matrix_(computer)

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.

    13. Re:What Happens When ... by kill-1 · · Score: 3, Informative

      The paper key seems to contain 4x4 x 22x22 = 7744 bits. So can't tear it in half but almost.

    14. Re:What Happens When ... by maxwell+demon · · Score: 4, Insightful

      Reading numbers is more error prone. With the bar code, there are presumably lots of check digits and other such loveliness encoded into it.

      There's no reason you cannot insert check digits into the number as well.

      --
      The Tao of math: The numbers you can count are not the real numbers.
    15. Re:What Happens When ... by MrNaz · · Score: 1

      The size of the whoosh you just received will cause tears, as well as tears.

      --
      I hate printers.
    16. Re:What Happens When ... by Retric · · Score: 2, Insightful

      Also, if you can recover most of the digits and know which ones are missing you can probably brute force the rest.
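
The two ideas raised at this point in the thread, check digits on the printed hex and guessing digits whose positions are known to be missing, worked through as an added example; it is not part of the original discussion or of Safeberg's product. The line layout, the use of CRC-32 as the check digits and all names are assumptions, and the key is a constructed 512-byte sample rather than a real RSA key.

```python
import hashlib
import itertools
import zlib

HEX_DIGITS = "0123456789ABCDEF"
BYTES_PER_LINE = 16   # 32 hex digits of key material per printed line
MAX_UNKNOWN = 4       # at most 16**4 = 65,536 guesses per damaged line

# Constructed 512-byte sample standing in for a 4096-bit key (not a real RSA key).
SAMPLE_KEY = hashlib.shake_256(b"constructed sample, not a real key").digest(512)


def check_digits(chunk: bytes) -> str:
    """CRC-32 of one line's bytes, printed as 8 hex check digits."""
    return f"{zlib.crc32(chunk):08X}"


def format_sheet(key: bytes) -> list[str]:
    """Render key bytes as numbered lines: 'NN <hex data> <check digits>'."""
    lines = []
    for n, start in enumerate(range(0, len(key), BYTES_PER_LINE), 1):
        chunk = key[start:start + BYTES_PER_LINE]
        lines.append(f"{n:02d} {chunk.hex().upper()} {check_digits(chunk)}")
    return lines


def recover_line(line: str) -> bytes:
    """Return one line's bytes; '?' marks a digit the reader could not make out.

    An undamaged line is simply verified. A line with a few '?' digits is
    completed by trying every value for them and keeping the one candidate
    whose CRC matches. Anything else raises ValueError naming the line.
    """
    number, data, check = line.split()
    if "?" in check:
        raise ValueError(f"line {number}: check digits unreadable")
    unknown = [i for i, ch in enumerate(data) if ch == "?"]
    if len(unknown) > MAX_UNKNOWN:
        raise ValueError(f"line {number}: {len(unknown)} digits missing, too many to guess")

    digits = list(data)
    matches = []
    # With no unknown digits this loop runs once and just verifies the line.
    for guess in itertools.product(HEX_DIGITS, repeat=len(unknown)):
        for pos, ch in zip(unknown, guess):
            digits[pos] = ch
        chunk = bytes.fromhex("".join(digits))
        if check_digits(chunk) == check.upper():
            matches.append(chunk)

    if not matches:
        raise ValueError(f"line {number}: checksum mismatch, a digit was misread")
    if len(matches) > 1:
        raise ValueError(f"line {number}: {len(matches)} candidates fit, cannot decide")
    return matches[0]


def recover_sheet(lines: list[str]) -> bytes:
    """Reassemble the key from all lines, verifying or repairing each one."""
    return b"".join(recover_line(line) for line in lines)


if __name__ == "__main__":
    sheet = format_sheet(SAMPLE_KEY)
    number, data, check = sheet[4].split()
    # A crease wipes out three adjacent digits on line 05.
    creased = f"{number} {data[:10]}???{data[13:]} {check}"
    print(creased)
    print("recovered:", recover_line(creased).hex().upper() == data)
```

A misread digit (as opposed to a missing one) fails the check and is reported by line number, so only that line has to be re-read.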

    17. Re:What Happens When ... by bane2571 · · Score: 1

      but how is this any different from some kind of redundancy based file system stored on a USB key in the same file safe other than that the USB is probably a lot faster?

    18. Re:What Happens When ... by MartinSchou · · Score: 1

      If you're really 'paranoid' about storage time get a thin aluminium or steel shim the size of a credit card and etch onto the back of that.

    19. Re:What Happens When ... by Jane+Q.+Public · · Score: 1

      Mod parent up!

      In order to be really secure, onsite storage of the key is a no-no anyway, so this system must presume anyone interested in getting the password does not have site access.

      And in that case, paper is just silly. It is less "safe" (as opposed to secure) than a USB key, since a USB key can't fold or tear, and water won't normally damage it.

      I'd say this is a solution looking for a problem. It might be great for off-site backup of your USB key. But I don't see it as useful for much of anything else.

    20. Re:What Happens When ... by steveb3210 · · Score: 1

      I'll leave it up to the slashdot tifosi to declare how long it would last in a bank vault.

      I'll pass....

    21. Re:What Happens When ... by GaryOlson · · Score: 3, Insightful

      ...paper is just silly. It is less "safe" (as opposed to secure) than a USB key...

      Paper has hundreds of years of technology development behind it; what is the oldest USB key you have? Technology easily and readily exists to store quality archive paper nearly indefinitely in temperature/light/humidity controlled environments.

      I might even guestimate bar code technology will disappear long before a properly created and stored paper archive.

      --
      Every mans' island needs an ocean; choose your ocean carefully.
    22. Re:What Happens When ... by MichaelSmith · · Score: 1

      a USB key can't fold or tear, and water won't normally damage it.

      Last (southern) summer I had a bunch of SD cards in my wallet, then they went missing. So this summer I put on a pair of short pants and there were my cards, in a zip up pocket. They had been washed twice in hot water and still worked perfectly.

    23. Re:What Happens When ... by Thiez · · Score: 1

      Why one would want to use the same RSA key for years and years is beyond me. Want something encrypted for the next 100 years? Don't bother with public key, go block cypher. Why not stick to AES or something similar?

    24. Re:What Happens When ... by jd2112 · · Score: 2, Funny

      Bar codes printed on media of all kinds are generally quite robust and not error prone.

      Except at the supermarket, when you are in a hurry...

      --
      Any insufficiently advanced magic is indistinguishable from technology.
    25. Re:What Happens When ... by Anonymous Coward · · Score: 0

      Why not just encode it with Code-39 and print it on receipt paper?

    26. Re:What Happens When ... by Darkness404 · · Score: 2, Funny

      In order to be really secure, the machine is powered off, placed in a locked, bombproof, uncrackable safe and left there. Anything else exposes risks.

      --
      Taxation is legalized theft, no more, no less.
    27. Re:What Happens When ... by fractalspace · · Score: 1

      That's why you should immediately scan it and store it on a USB stick as a pdf file.

    28. Re:What Happens When ... by TooMuchToDo · · Score: 1

      Even having the machine exist in its safe is a security threat. Destroy the machine and figure out how only you can recover the data from the entropy in the universe. Best of luck!

    29. Re:What Happens When ... by Anonymous Coward · · Score: 0

      Reading numbers is more error prone. With the bar code, there are presumably lots of check digits and other such loveliness encoded into it.

      As for folding it, what happens? Probably nothing. There are usually CRCs (or similar) and lots of other stuff in those 2D bar codes. This particular scheme, Data Matrix, is apparently highly redundant, allowing full recovery of the data even if (up to) 30% of the bar code is destroyed.

      http://www.tlashford.com/TLA/pages/Basic_sym/Symbol_overview.htm#DATAMATRIX
      http://en.wikipedia.org/wiki/Data_matrix_(computer)

      Even if you do lose a few bits, it's not a big deal. Just brute-force guess the missing bits. As long as you don't lose too many bits.

    30. Re:What Happens When ... by Yvan256 · · Score: 4, Funny

      you can recover the data from the entropy in the universe.

      I tried to do that and all I got was "42".

    31. Re:What Happens When ... by Anonymous Coward · · Score: 0

      But, if you don't trust the OCR software to not covertly copy your key, it's much harder to write your own.

      This is one of the reasons ECC was developed, but even then it's no better than only storing the encrypted version protected with a good (100-200 bits of entropy) password.

    32. Re:What Happens When ... by martas · · Score: 2, Informative

      well, one problem is that error from reading 1 digit (or hexit, whatever) is much higher - 4 times, to be precise. if the likelihood of making an error in 1 bit reading the matrix is the same as p of error in one digit, then that works out fine. but i don't think that's the case.

    33. Re:What Happens When ... by Anonymous Coward · · Score: 0

      ... you fold the paper your 2D key is on?

      It becomes 3D.

    34. Re:What Happens When ... by Anonymous Coward · · Score: 0

      the issue is not 30% it is when the bar code and hex key are 100 % destroyed

    35. Re:What Happens When ... by Arancaytar · · Score: 1

      Depending on the pixel size and the quality of the scanner, that shouldn't be a problem.

      In any case, this is probably a better idea than storing it on RFID for the obvious security reasons... paper isn't long-range readable.

    36. Re:What Happens When ... by cerberusss · · Score: 1

      Unfold it? Just be sure not to wipe your ass with it.

      It would be kinda funny. Suppose they print the key on rolls of paper, with a particular form factor that makes it easy to feed into a special purpose scanner.

      As a side effect, it looks just like toilet paper. So, the janitor comes in, and places the RSA key throughout the building in all toilets.

      Imagine the sysadmins standing at the sewer output, dragging through the Sh1t to put the RSA key together :D

      --
      8 of 13 people found this answer helpful. Did you?
    37. Re:What Happens When ... by qmetaball · · Score: 1

      The pixels of the 2D code are 2mm by 2mm (0.08 inch x 0.08 inch) and there is about two-fold redundancy in the encoding. Reconstructing should be possible even when there are destructive creases.

      This. Where I work we have several dozen 2D barcode scanners and even more Zebra Z4 and Z6 type printers. On a ZM400 we had a bad head, and a good deal of the barcode was completely absent from the word go, however operators were still able to correctly scan the mangled codes with 100% accuracy.

      --
      Everything is porn to somebody.
    38. Re:What Happens When ... by jimbolauski · · Score: 1

      Every security briefing I've been to they say don't write your password down on a piece of paper. Your data can only be as secure as the key and if tracking access to the key is important then paper is not the way to go. A usb key can be set up to track access and tampering with the key can be detected much easier than someone taking a photo of a piece of paper.

      --
      Knowledge = Power
      P= W/t
      t=Money
      Money = Work/Knowledge so the less you know the more you make
    39. Re:What Happens When ... by mcgrew · · Score: 1

      I wish "tears" wasn't spelled the same way as "tears". Tears for fears, or tears for fairs?

      I think it's a dumb idea, personally. There's no reason to use paper.

    40. Re:What Happens When ... by mcgrew · · Score: 1

      The universe is farty, too.

    41. Re:What Happens When ... by mcgrew · · Score: 1

      Print the key on acid-free paper using a laser printer and store it for a looong time.

      I know there are chemists here, and hope that someone can confirm or deny that, I suspect it will be confirmed, since laser "ink" is actually plastic that's melted to the paper. Normal ink had been used for centuries, melting plastic on paper is relatively new. Also, I wonder if the heat needed to print on a laser printer would affect the paper's life?

    42. Re:What Happens When ... by Laur · · Score: 1

      Every security briefing I've been to they say don't write your password down on a piece of paper.

      Bruce Schneier disagrees with you and your security professionals.

      --
      When you lose something irreplaceable, you don't mourn for the thing you lost, you mourn for yourself. - Harpo Marx
    43. Re:What Happens When ... by consonant · · Score: 1

      Robert Langdon made symbology sexy.

    44. Re:What Happens When ... by Hal_Porter · · Score: 1

      He used to say the opposite until the NSA started to fund him.

      Hmm, got to go they're breaking down the do

      --
      echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
  2. Another plausible scenario I have to watch out for by Merc248 · · Score: 3, Funny

    Guy holding knife and laxatives: "Poop the paper! Poop it now!"

    --
    "Hegelians, who love a synthesis, will probably conclude that he wears a wig." - Bertrand Russell
  3. First Po.. by Anonymous Coward · · Score: 1, Funny

    Hang on! let me get my giant barcode out of my pocket!

    1. Re:First Po.. by gadget+junkie · · Score: 3, Insightful

      Hang on! let me get my giant barcode out of my pocket!

      that reminds me of Robin Williams doing his Adam and Eve sketch....."Stand back honey, I do not know how big this can get!!"

      --
      "If a boss demands loyalty, give him integrity. But if he demands integrity, give him loyalty." (John Boyd, 1927-1997)
    2. Re:First Po.. by Hurricane78 · · Score: 1

      We knew this as: *point your hip towards the window* Open the window! I think I get a boner!

      --
      Any sufficiently advanced intelligence is indistinguishable from stupidity.
  4. key exchange by akirapill · · Score: 3, Funny

    I'll fax you a xerox of my public key. Is analog the new steam punk?

    1. Re:key exchange by Anonymous Coward · · Score: 1, Funny

      Sorry, I only accept mimeographs.

  5. In 2006, a guy recited Pi to 100000 places... by 93+Escort+Wagon · · Score: 1

    So what could be so hard about memorizing a measly 800 or so characters?

    --
    #DeleteChrome
    1. Re:In 2006, a guy recited Pi to 100000 places... by hansraj · · Score: 2, Funny

      Nothing, but that poor guy will have to remember passwords for everyone!

    2. Re:In 2006, a guy recited Pi to 100000 places... by BikeHelmet · · Score: 1

      It takes a special kind of mind to do that.

      And that said... I memorized a 48 character hexadecimal password, in case I ever need one. :P

    3. Re:In 2006, a guy recited Pi to 100000 places... by localman57 · · Score: 2, Insightful

      So what could be so hard about memorizing a measly 800 or so characters?

      Pi might be hard. But for encryption keys, it's not hard at all. You just repeat "12345" one hundred and sixty times.

      Now, I want half of you to mod this funny, because it is. I want the other half of you to mod it insightful, because we all know that when you put 4096 bit encryption into the hands of an average person, they really do type 12345 one hundred and sixty times.

    4. Re:In 2006, a guy recited Pi to 100000 places... by Jorl17 · · Score: 0, Troll

      I also want this to be modded funny, but I'm figuring offtopic...

      By the way, I just ate my data matrix -- equivalent to swallowing the key!

      --
      Have you heard about SoylentNews?
    5. Re:In 2006, a guy recited Pi to 100000 places... by jamesh · · Score: 2, Funny

      when you put 4096 bit encryption into the hands of an average person, they really do type 12345 one hundred and sixty times.

      I'm obviously above average then - i'd use cut & paste to do the job in seconds!

    6. Re:In 2006, a guy recited Pi to 100000 places... by Sir_Lewk · · Score: 3, Informative

      Problem is, this is an RSA key, it can't just be any random string of bits, it has to be two very large prime numbers. Users won't be choosing a 4096bit key, it will be generated for them.

      --
      "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
    7. Re:In 2006, a guy recited Pi to 100000 places... by 93+Escort+Wagon · · Score: 2, Funny

      It takes a special kind of mind to do that.

      And that said... I memorized a 48 character hexadecimal password, in case I ever need one. :P

      I hope it wasn't F80FFA585E9867B804D998A2ED65E55BFC352C3C500684CC, cuz that's the one I'm using.

      --
      #DeleteChrome
    8. Re:In 2006, a guy recited Pi to 100000 places... by Jurily · · Score: 1

      Now, I want half of you to mod this funny, because it is.

      It's not if you have to explain your joke.

    9. Re:In 2006, a guy recited Pi to 100000 places... by rwjyoung · · Score: 2, Funny

      Damn that's the same combination I use on my luggage!

      --
      Watch me build my house
  6. Lets go old school by stretch0611 · · Score: 1

    This sounds like a way to put punch cards back in every office.

    --
    Looking for a job?
    Want your resume written professionally?
    DON'T USE TUNAREZ!!!
    1. Re:Lets go old school by azenpunk · · Score: 2, Funny

      "What's your password?"

      "Umm....let's see. Del Monte canned peaches in light syrup, Kraft macaroni and cheese, Hunt's canned pizza sauce, Campbell's chicken and noodle soup"

      "We need a Safeway, tape, scissors and a barcode reader!"

    2. Re:Lets go old school by Sulphur · · Score: 1

      Large print alphabet soup. One good stir and the key is gone.

  7. How is this any more secure by Monkeedude1212 · · Score: 3, Insightful

    Than a 4096 Bit RSA Key that is stored on a standalone computer?

    1. Re:How is this any more secure by maxwell+demon · · Score: 2, Insightful

      Or stored on a standard external storage medium like, say, an USB stick?

      --
      The Tao of math: The numbers you can count are not the real numbers.
    2. Re:How is this any more secure by mugurel · · Score: 1

      Obvious. A key stored on paper is more likely to perish, and therefore less likely to fall in the hands of evildoers.

    3. Re:How is this any more secure by Monkeedude1212 · · Score: 1

      Clearly you've never worked in an office environment. The paper documents last forever, whereas you get lucky when that Dell from 2001 fails so you can upgrade it to a new one.

    4. Re:How is this any more secure by DragonWriter · · Score: 4, Informative

      Than a 4096 Bit RSA Key that is stored on a standalone computer?

      If you use the standalone computer for anything but storing the key, or fail to physically secure the standalone computer from access (separate to any physical security on any computer on which data resides that is secured with the key) it is obviously more secure to keep the key on paper, physically secured in something that isn't opened except to access the key.

      If you don't use the standalone computer for anything else, and have it separately physically secured, then for any reasonable use of the word "computer", it will probably be equally secure, and vastly less expensive to separately secure the key on paper, instead.

      Perhaps the more relevant comparison is separately securing paper vs. separately securing long-term electronic storage media. The sheet of paper will probably be cheaper in any case (though the price difference drops if you are using inexpensive electronic storage media rather than a dedicated computer), and will likely be more likely to be practically usable to access data a longer time into the future. Though in this case, a key factor is making sure the paper has the key in a human-readable form as well as a machine-readable form, since long-term availability of tools to read any particular machine-readable format is an issue. If you use text in an OCR-friendly font, the human readable format and the machine readable format can be the same.

    5. Re:How is this any more secure by owlstead · · Score: 1

      It's not more secure. It's cheaper. It's less likely to break down. You can store it in a safe. You can print it using a desktop printer. And it's infinitely less likely to be wiped and used as a gaming machine by your 14 year old (if you have 4 year olds you might need the safe though).

    6. Re:How is this any more secure by SanityInAnarchy · · Score: 2, Insightful

      If you use the standalone computer for anything but storing the key,

      Same problem occurs if I write doodles on the paper -- though I fail to see how that reduces the security, only the reliability.

      or fail to physically secure the standalone computer from access

      Granted, it's easier to secure a piece of paper. But the same problem applies.

      More importantly, a closer analog to the paper is a USB thumb drive, which will fit just as neatly in a safety deposit box, or in your pocket, or (apparently) in your digestive system. It has flaws, but these would seem to be the exact same flaws the paper does -- for example, any machine on which I decrypt the data is necessarily a machine which will hold that key in RAM at some point, which means it's a point of failure.

      The most paranoid solution I know of in that vein, which I used for awhile, is to boot off a thumb drive (which has the stored keys) and use full-disk encryption on the hard drive. I'd be pwned if and only if someone implements a BIOS-level or hardware-level exploit, and somehow does it without me noticing -- I kept a pretty close eye on that machine, physically. (Tempest would probably work, but you're not going to be left alone with it for long enough to do anything -- best case, you steal it, but then you don't have the USB key in my pocket.)

      I stopped doing that when the USB key died, suddenly and completely, leaving me no way of accessing my data -- and my new laptop has an SSD, which is actually fast enough that crypto speed might be a limiting factor, whereas it definitely won't be on a 5400 RPM drive with any sort of modern CPU.

      will likely be more likely to be practically usable to access data a longer time into the future.

      Possible. We know a lot more about how paper degrades than we do about how data degrades (yet).

      Though in this case, a key factor is making sure the paper has the key in a human-readable form as well as a machine-readable form, since long-term availability of tools to read any particular machine-readable format is an issue. If you use text in an OCR-friendly font, the human readable format and the machine readable format can be the same.

      Apparently, this is a 2D barcode, with the hex version printed alongside it, so it fulfills both.

      --
      Don't thank God, thank a doctor!
    7. Re:How is this any more secure by SanityInAnarchy · · Score: 1

      You can store USB keys in a safe. They're relatively cheap. They have no potential to be used as a gaming machine.

      --
      Don't thank God, thank a doctor!
    8. Re:How is this any more secure by Locke2005 · · Score: 2, Interesting

      Simple: you print the key in a blank spot on a random page of War and Peace. Good luck to anybody trying to find it without knowing the page number! Whereas in a standalone computer, any disk analysis software should be able to find the key. The point is, as in The Purloined Letter, you put the key in a place no one would think to look for it. Searching your computer and computer media is the _first_ thing anyone looking for the key is going to do! When they come in with a warrant to confiscate your computer, do you think that warrant covers your book collection as well? No, it just covers computers, hard drives, USB drives, CDs/DVDs, etc.

      --
      I've abandoned my search for truth; now I'm just looking for some useful delusions.
    9. Re:How is this any more secure by Urza9814 · · Score: 1

      It's cheap?

      Also doesn't need electricity, won't suffer a hard drive crash, and is easily duplicated (may or may not be good). Also it's pretty cheap and easy to make paper fairly durable. Laminate it, print it on photo paper...hell, there's no reason you really need to use paper at all. You could store it on film, you could store it on wood or a clay tablet probably...hell with sufficient desire you could make it out of cement or even friggin' trees. The interesting thing about this is not the fact that it's stored on paper, the interesting thing is the method of creating the pattern and reading it back in.

    10. Re:How is this any more secure by DragonWriter · · Score: 1

      If you use the standalone computer for anything but storing the key,

      Same problem occurs if I write doodles on the paper -- though I fail to see how that reduces the security, only the reliability.

      Well, doodles on the paper affects reliability. Using the computer for other things affects reliability, true, but if it is separately physically secured, using it for other things means more opportunity for physical security problems, and not separately physically securing it is a pretty big security deficit compared to separately physically-secured paper.

      Granted, it's easier to secure a piece of paper. But the same problem applies.

      Right. Security issues are broadly the same regardless of medium; the available means, costs, and logistical challenges of addressing them are what differs.

    11. Re:How is this any more secure by Anonymous Coward · · Score: 1, Insightful

      It may just be that our society still is more geared towards archiving paper, but paper tends to keep. I've seen disks demagnetise, usb keys lose data due to unplugging them incorrectly, cdrs / dvdrs sometimes have bitrot, and digital files have a nasty tendency to get sort of lost. And paper offers more benefits. It doesn't "leak". No matter how you transport it, from your office to your home to your notary for example, unless MI5 thinks you're particularly interesting there will be no residual temporary copies left in the cab or on the train. And you can sign it. As in really, with pen and ink, should the need arise. I know about digital signatures and I know they have the potential to be safer, but in practice the law requires old fashioned signatures for certain things. Allowing you to put one on a decryption key is extremely useful.

    12. Re:How is this any more secure by kalidasa · · Score: 2, Informative

      There's a book that's 2200 years old. I don't mean the story (or in this case, poem) is 2200 years old, I mean the *piece of paper* (or in this case, papyrus) on which someone copied the (2400 year-old) poem is 2200 years old. In the right conditions, archival quality paper will last a *lot* longer than any electronic medium.

    13. Re:How is this any more secure by GaryOlson · · Score: 1

      Paper is easily filed [and probably lost] forever; or at least until the information on it is no longer needed.

      The computer has to have an asset tag, the asset has to be depreciated, and the asset has to be disposed of eventually. Some enterprising hacker will recover that key from an improper hard drive disposal...every time. Murphy is ascendant.

      --
      Every mans' island needs an ocean; choose your ocean carefully.
    14. Re:How is this any more secure by keeboo · · Score: 1

      You've mentioned interesting points, but paper has a limitation: its bit density for reliable storage is awful.

    15. Re:How is this any more secure by virtualXTC · · Score: 1

      I'd argue a USB version is MORE secure as the attacker would have to know what they are looking for. Any key logger would pickup the output of a bar-code reader; and that sort of output would be obvious when reviewing your catch.

    16. Re:How is this any more secure by mysidia · · Score: 2, Insightful

      How about SmartCards and a smartcard reader?

      Have the card itself execute decryption of the symmetric key without revealing the private key to the PC, when it's read.

      It will probably be cheaper than the uber-expensive specialized scanner+software from this vendor, you'll need to be able to scan the "cheap" paper key, anyways

      And more secure in that the private RSA key is not subject to being stolen from PC RAM, or by modifying the decryption program on the PC to capture the key.

    17. Re:How is this any more secure by mysidia · · Score: 1

      Bonus points if you don't keep the key at your house, but instead print it in redundant pieces on a few dozen different library books at various different libraries.

      Even if someone finds it, they'll have no idea what they are looking at.

    18. Re:How is this any more secure by Tuoqui · · Score: 0, Redundant

      Why not store it on a USB key... It's much easier or burn it to a blank CD. If you don't need to store it for 1000 years, in which case you might have a better luck storing it by chipping it into stone.

      --
      09F911029D74E35BD84156C5635688C0
      +2 Troll is Slashdot's way of saying groupthink is confused
    19. Re:How is this any more secure by Anonymous Coward · · Score: 0

      And in this case paper has the advantage.

      If the guy were to eat it, nobody would be able to recover it

    20. Re:How is this any more secure by muckracer · · Score: 1

      > How is this any more secure...Than a 4096 Bit RSA Key that is stored on a standalone computer?

      Ask this question again after the EMP blast...

    21. Re:How is this any more secure by qmetaball · · Score: 1

      I'd argue a USB version is MORE secure as the attacker would have to know what they are looking for. Any key logger would pickup the output of a bar-code reader; and that sort of output would be obvious when reviewing your catch.

      you're assuming all barcode scanners use a wedge method and output the data as keystrokes instead of raw data on a com port. protip: usually, and especially in this case, you'd have it as raw data on a com port, thus, not capturable with "any keylogger"

      --
      Everything is porn to somebody.
    22. Re:How is this any more secure by makomk · · Score: 1

      Decent RSA smartcards are really expensive, and the vendors are all incredibly secretive about stuff like, y'know, how to actually communicate with the things...

    23. Re:How is this any more secure by virtualXTC · · Score: 1

      ...well that would certainly take away its price advantage from using an SD / USB stick. Nevertheless, as the posts piled up, the tech does seem a bit more valid if all you want to do is encrypt data before long-term storage. However, in any other circumstance, I'd choose a different solution.

    24. Re:How is this any more secure by qmetaball · · Score: 1

      ...well that would certainly take away its price advantage from using an SD / USB stick. Nevertheless, as the posts piled up, the tech does seem a bit more valid if all you want to do is encrypt data before long-term storage. However, in any other circumstance, I'd choose a different solution.

      Oh absolutely, the 2D scanners we use are about 400 dollars a pop.

      --
      Everything is porn to somebody.
  8. no thanks my Hard drive is too big by Spy+Handler · · Score: 3, Insightful

    Online backup is practical

    not for my 1.5 terabyte HDD which is about half full.

    Right now backing up from hard drive to hard drive takes forever (hours). How the fuck am I gonna back up to a remote server over the internet at 60 kbytes/sec?

    1. Re:no thanks my Hard drive is too big by toastar · · Score: 3, Funny

      How the fuck am I gonna back up to a remote server over the internet at 60 kbytes/sec?

      you can get about 17 MBytes/Sec with a 1.5TB through USPS

    2. Re:no thanks my Hard drive is too big by Anonymous Coward · · Score: 1, Insightful

      They mean BESIDES the music, movies, and pr0n. You know, the 20M or so on your hard drive that's actually useful?

    3. Re:no thanks my Hard drive is too big by Tubal-Cain · · Score: 1

      rsync? Though I guess it depends on how much data changes throughout the day.

    4. Re:no thanks my Hard drive is too big by owlstead · · Score: 1

      OK, OK but it is probably practical for most things that require 4096 bits of RSA security. I've currently got two levels of backup. My administration/contacts etc. which is encrypted and backed up to my local ISP at ADSL speeds and on a tiny 2.5" external hdd, and a second one which *should* be stored on a separate hard disk or a RAID system. My favorite CDs I just copy to all my devices. Other things are just not worth backing up, such as 1 TB of downloaded movies - if I like them enough I simply buy the DVD. This one would presumably be for even higher levels of protection.

    5. Re:no thanks my Hard drive is too big by Anonymous Coward · · Score: 1, Funny

      They mean BESIDES the music, movies, and pr0n. You know, the [stuff] on your hard drive that's actually useful?

      BLASPHEME!

    6. Re:no thanks my Hard drive is too big by dziban303 · · Score: 2, Insightful

      Yeah, but since when has the post office ever delivered something in one day? I'd say 4MB/s is more likely.

    7. Re:no thanks my Hard drive is too big by SanityInAnarchy · · Score: 1

      It'll take forever at first, but yes. Modern backup solutions would tend to be smarter still -- triggering automatically and silently in the background, sending deltas as soon as anything changes -- though presumably you could restrict how much bandwidth and what hours it would operate.

      --
      Don't thank God, thank a doctor!
    8. Re:no thanks my Hard drive is too big by Anonymous Coward · · Score: 0

      Sounds great as long as nothing happens between now and 21 weeks from now. Make that 42 weeks if he manages to fill it in that time.

    9. Re:no thanks my Hard drive is too big by frosty_tsm · · Score: 1

      How the fuck am I gonna back up to a remote server over the internet at 60 kbytes/sec?

      you can get about 17 MBytes/Sec with a 1.5TB through USPS

      Yes, but what are the service fees? And... where are you overnighting this?

      If I wanted highly secure off-site backups, I'd buy an external hard drive or two and keep them in a safe deposit box at my local bank. Do the math on a 15 minutes each way (twice, first getting the hd then going back to put it in) + 15 minutes at the bank each time + x amount of time updating 1.5TB through USB... I bet it'll beat your USPS throughput.

    10. Re:no thanks my Hard drive is too big by Anonymous Coward · · Score: 0

      I think I should fix that line for you.
      "Online backup is practical, for important files"

      Not sure about you, but I don't usually classify all that porn as important, especially when it is easy enough to find again.
      There are only those few files that are worthy of being classified as VIFs.

    11. Re:no thanks my Hard drive is too big by Anonymous Coward · · Score: 1, Interesting

      Why would you try to backup 1.5TB with USB? eSATA would really cut down on the time required.

    12. Re:no thanks my Hard drive is too big by Tubal-Cain · · Score: 2, Insightful

      Make the first backup locally before moving it to the remote site?

    13. Re:no thanks my Hard drive is too big by evilviper · · Score: 1

      not for my 1.5 terabyte HDD which is about half full.

      Doesn't matter how big the volume is. It only matters how much data changes every day. Even if it takes days to sync up the first time, as long as only a few GBs changes, subsequent backups will go plenty fast.

      --
      Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
    14. Re:no thanks my Hard drive is too big by Anonymous Coward · · Score: 1, Funny

      Online backup is practical

      not for my 1.5 terabyte HDD which is about half full.

      Right now backing up from hard drive to hard drive takes forever (hours). How the fuck am I gonna back up to a remote server over the internet at 60 kbytes/sec?

      How much porn can one person watch, anyway? I mean, you have to leave time for Slashdot, too!

    15. Re:no thanks my Hard drive is too big by dangitman · · Score: 2, Funny

      you can get about 17 MBytes/Sec with a 1.5TB through USPS

      Liar! 17 Megabyte files always take 20 minutes to copy. Always.

      --
      ... and then they built the supercollider.
    16. Re:no thanks my Hard drive is too big by Anonymous Coward · · Score: 0

      Hunh? the pr0n movies and music are the only thing useful on my hard drive... the rest loads off a knoppix cd.

    17. Re:no thanks my Hard drive is too big by diamondsw · · Score: 1

      As we commonly say in the datacenter, it's hard to beat the throughput of a van full of backup tapes.

      --
      I don't know what kind of crack I was on, but I suspect it was decaf.
    18. Re:no thanks my Hard drive is too big by martas · · Score: 2, Informative

      Never underestimate the bandwidth of a truck full of tapes hurling down the highway - Andrew S. Tanenbaum

    19. Re:no thanks my Hard drive is too big by profplump · · Score: 1

      That's off-site, but not on-line. It's not even near-line, like a USB drive or a tape. It's completely offline from the moment you box it until someone plugs it back in.

    20. Re:no thanks my Hard drive is too big by Anonymous Coward · · Score: 0

      Never underestimate the propensity of slashbots to regurgitate ancient memes at every possible opportunity - Me.

    21. Re:no thanks my Hard drive is too big by borgboy · · Score: 2, Funny

      Those who would sacrifice latency for bandwidth deserve neither.

      --
      meh.
    22. Re:no thanks my Hard drive is too big by Anonymous Coward · · Score: 0

      Never underestimate the bandwidth of a Prius full of tapes hurling down the highway. Just make sure you have replacement drivers.

    23. Re:no thanks my Hard drive is too big by Carnildo · · Score: 1

      Doesn't matter how big the volume is. It only matters how much data changes every day. Even if it takes days to sync up the first time, as long as only a few GBs changes, subsequent backups will go plenty fast.

      Based on my ISP's transfer restrictions, the initial sync of my home storage server would take just over a year and a half. Even if I were to saturate the upstream bandwidth (and risk getting my account canceled), the sync would take about eight months.

      --
      "They redundantly repeated themselves over and over again incessantly without end ad infinitum" -- ibid.
    24. Re:no thanks my Hard drive is too big by evilviper · · Score: 1

      the sync would take about eight months.

      Well you could certainly choose some out-of-band method, such as shipping them a duplicate hard drive, to handle the initial sync. Again, it depends how often the data is going to change. If there are not substantial changes, day to day, then the benefits of automatic off-site backups might make it still worth the hassle.

      The 8 months figure doesn't match up with my quick calculations... I'd buy 8 months if it was full, but half that for half full, as stated, and it's entirely possible that data compression could reduce that by another half... YMMV. But I digress...

      The fact that you have an inordinately large amount of storage, and particularly limited bandwidth, only makes you an atypical case. And I say that knowing full well that I have much more data than you, and even less bandwidth...

      --
      Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
  9. Re:Another plausible scenario I have to watch out by Cryacin · · Score: 1

    I am sure that such a gentleman would not be using the vernacular "poop".

    --
    Science advances one funeral at a time- Max Planck
  10. How much added security? by SmilingBoy · · Score: 2, Interesting

    If the source computer is vulnerable, the private key will be vulnerable as well as soon as you use a device connected to the compromised computer to scan it.

    1. Re:How much added security? by owlstead · · Score: 3, Informative

      Yes, whenever you use a key it becomes more vulnerable. This only adds security to the storage, not the use. It's amazing how many times this kind of thing is forgotten, e.g. when using an ultra-secure USB device on a computer with zero protection. It becomes even more "interesting" when you have to use the key in an automated system - obviously this design is not meant for continuous use :).

  11. Smartcard ? by KermitTheFragger · · Score: 2, Interesting

    After surfing around a bit on the source site I can't find any compelling reasons why I should use a giant unwieldy printable 2D barcode instead of a smartcard. A smartcard reader costs 25 bucks nowadays so that can't be much of an obstacle.

  12. Re:Another plausible scenario I have to watch out by Verdatum · · Score: 1

    Good point. "Poo" would save valuable syllabants!

  13. It's not by Anonymous Coward · · Score: 0

    But standalone computers are not a renewable resource the way paper is.

  14. You don't need to store it offline.... by KPexEA · · Score: 1

    Imagine this scenario. Instead of generating a "key" the traditional way you have the user select a file of his or her choice, then an offset and length. So if the user has some jpeg on their machine called goodtimes.jpg that is 100k and they input the offset of 3456 bytes and length of 77654 bytes, the key is then generated using the data inside that file. All they need to remember is the filename, offset and length. The file could be stored on the machine in plain sight, or on a removable pen drive, or even on a public website somewhere using http to access it.

    1. Re:You don't need to store it offline.... by maxwell+demon · · Score: 1

      "Damn, I can't decode my data. Someone must have changed the web page!"

      --
      The Tao of math: The numbers you can count are not the real numbers.
    2. Re:You don't need to store it offline.... by JoshuaZ · · Score: 1

      If the file was stored anywhere obvious that would be a problem. For example, if it is stored on the machine then if someone gets access to the machine they might need to only test a few thousand files, especially if they have any good understanding of the time span from when the encryption was made. If they use a public website then you are vulnerable to having the website go down and can't access it unless you've got internet. Moreover, someone with access to your history might be able to identify the file (or at least would have a very small list of candidates). The use of a pen drive would actually be practical. But that's primarily because a pen drive is a small object that can be easily hidden, not because of any great aspect of this key generation scheme.

    3. Re:You don't need to store it offline.... by Tubal-Cain · · Score: 1

      So keep a local copy or host your own page.

    4. Re:You don't need to store it offline.... by Anonymous Coward · · Score: 0

      Don't use an image hosted on goatse

    5. Re:You don't need to store it offline.... by ircmaxell · · Score: 1

      That's only valid if they know (or are suspicious) that you used a regular file instead of a more secure key. It's one of those hidden in plain sight things. It's not secure in the traditional sense, but it's a fairly good method of providing a roadblock (After all, the true test of "security" is whether or not someone who's trying to break in can)...

      --
      If a man isn't willing to take some risk for his opinions, either his opinions are no good or he's no good
    6. Re:You don't need to store it offline.... by KPexEA · · Score: 1

      Even if they know the file you are using, and let's say for an example that the file is 100k, but they don't know the offset and length from where the key is generated inside the file, there are a lot of possible combinations to test. Wouldn't that be like 100k factorial combinations?
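Added example (not part of the thread or of any product discussed): a way to measure how many distinct keys the file/offset/length scheme in this sub-thread can yield once the file itself is known. The SHA-256 derivation, the function names and the two sample files are assumptions, since the comments do not say how the slice becomes a key.

```python
import hashlib
import math


def derive_key(data, offset, length):
    """Hypothetical derivation: hash the chosen slice into a 256-bit key."""
    if offset < 0 or length < 1 or offset + length > len(data):
        raise ValueError("slice lies outside the file")
    return hashlib.sha256(data[offset:offset + length]).digest()


def slice_count(file_size):
    """Number of valid (offset, length) pairs with length >= 1.

    Offset o allows lengths 1..file_size-o, so the total is
    file_size + (file_size-1) + ... + 1 = file_size*(file_size+1)/2.
    """
    return file_size * (file_size + 1) // 2


def effective_bits(file_size):
    """Upper bound on the secret's entropy, in bits, when the file is known."""
    return math.log2(slice_count(file_size))


def distinct_keys(data):
    """Derive a key for every valid slice and count the distinct results."""
    keys = set()
    for offset in range(len(data)):
        for length in range(1, len(data) - offset + 1):
            keys.add(derive_key(data, offset, length))
    return len(keys)


if __name__ == "__main__":
    # Constructed 64-byte samples, small enough to enumerate completely.
    varied = bytes(range(64))   # every slice has different content
    uniform = bytes(64)         # all zero bytes: only the length matters

    print("pairs for a 64-byte file:", slice_count(64))
    print("distinct keys, varied file:", distinct_keys(varied))
    print("distinct keys, uniform file:", distinct_keys(uniform))

    # The 100k file from the comment, taken here as 100,000 bytes.
    print("pairs for 100,000 bytes:", slice_count(100_000))
    print("effective bits: %.1f" % effective_bits(100_000))
```

The pair count is an upper bound: a file with repeated content produces fewer distinct keys, as the all-zero sample shows.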

    7. Re:You don't need to store it offline.... by Samah · · Score: 1

      So if the user has some jpeg on their machine called goodtimes.jpg that is...

      I think hello.jpg would be more appropriate, as people would be less inclined to distribute it. :)

      --
      Homonyms are fun!
      You're driving your car, but they're riding their bikes there.
  15. Don't use datamatrix by GigsVT · · Score: 4, Informative

    Datamatrix is the Gif of the barcode world. It has a bunch of patents covering it.

    PDF417 does mostly the same thing, can be read with a laser (instead of an imager) and was designed to be open source and patent free from the beginning.

    --
    I've had enough abrasive sigs. Kittens are cute and fuzzy.
    1. Re:Don't use datamatrix by Kostya · · Score: 3, Interesting

      The wikipedia article on DataMatrix (http://en.wikipedia.org/wiki/Data_Matrix#Patent_issues) seems to imply it is unencumbered--perhaps I'm misunderstanding something?

      Prior to the expiration of U.S. Patent 5,612,524, intellectual property company Acacia Technologies claimed that Data Matrix was partially covered by its contents. As the patent owner, Acacia allegedly contacted Data Matrix users demanding license fees related to the patent.

      Cognex Corporation, a large manufacturer of 2D barcode devices, filed a declaratory judgment complaint on March 13, 2006 after receiving information that Acacia had contacted its customers demanding licensing fees. On May 19, 2008 Judge Joan N. Ericksen of the U.S. District Court in Minnesota ruled in favor of Cognex. The ruling held that the '524 patent, which claimed to cover a system for capturing and reading 2D symbology codes, is both invalid and unenforceable due to inequitable conduct by the defendants during the procurement of the patent.

      Notably, since the '524 patent expired in November 2007, a ruling against Cognex wouldn't have affected current use of Data Matrix anyway. However, it would have established that use of Data Matrix prior to November 2007 could potentially be covered by the '524 patent.

      --
      "Doubt your doubts and believe your beliefs." -- Switchfoot, Ode to Chin
    2. Re:Don't use datamatrix by dangermonkeyboy · · Score: 5, Informative

      No offense, but this information is wrong. Data Matrix is completely unencumbered by patents. For one thing, it was released into the public domain by its inventor, and for another it's so old that even if there had been patents they would have expired by now.

      There was one "IP" company that made some noise in 2006-2007 claiming to cover some of the underlying technology in their patent portfolio, but they were handed their hats in court. I followed the issue very closely, even stopping distribution of my Data Matrix open source project for a while, pending this outcome. But rest assured that Data Matrix is unencumbered by patents and safe to use in your projects.

    3. Re:Don't use datamatrix by GigsVT · · Score: 1

      I didn't know it was safe now.

      --
      I've had enough abrasive sigs. Kittens are cute and fuzzy.
    4. Re:Don't use datamatrix by mrmeval · · Score: 0

      How the fuck are we to know? Where is the patent has expired or the drugged out hippie inventor has released it to the ALL?
      Srsly
      ORIGHT I patented that. Never mind.

      It's #OI8urgirfriendoutlastnight

      --
      I'd go on a Vegan diet but the delivery time from Vega is too long. --brownkitty
    5. Re:Don't use datamatrix by Anonymous Coward · · Score: 0

      Datamatrix is the Gif of the barcode world. It has a bunch of patents covering it.

      Other than the unrelated issue of a completely dismissed false claim made a few years ago, this is essentially BS.

      can be read with a laser (instead of an imager)

      This is an advantage today (well for the consumer market I mean)?? Nearly everybody has access to portable imaging equipment today (cell phones, webcams, digital cameras), some that are quite cheap.

      A barcode laser module is a pretty specialized piece of equipment. Even a linear imaging sensor's advantages would only kick in in large deployments (e.g. retail).

      Also, PDF417 can't compete with the data densities afforded by Data Matrix, Aztec, or QR code. There is quite a bit of overhead in PDF417 to give it the "localizing" capability that allows it to be read with a linear imager (laser or CMOS/CCD).
      They just don't fulfill all the same needs. So: "PDF417 [wikipedia.org] does mostly the same thing" is not quite accurate.

    6. Re:Don't use datamatrix by iluvcapra · · Score: 1

      There's also OPTAR for that matter.

      --
      Don't blame me, I voted for Baltar.
  16. Bar Codes Are Not Error Prone by mpapet · · Score: 1

    It would be hell if you lost the symbology though. Otherwise, this is very practical to the few who understand what's been done.

    --
    http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
    1. Re:Bar Codes Are Not Error Prone by Arthur+Grumbine · · Score: 1

      It would be hell if you lost the symbology though

      I'm sure the word you were looking for was "symbolism.". It would be hell if you lost the symbo-- wait, oh, right...

      --
      Now that I think about it, I'm pretty sure everything I just said is completely wrong.
    2. Re:Bar Codes Are Not Error Prone by Barny · · Score: 1

      *sigh*

      And they banned the sequel in Australia, still managed to get a copy, damn funny stuff :)

      --
      ...
      /me sighs
    3. Re:Bar Codes Are Not Error Prone by bigstrat2003 · · Score: 1

      That's because I'm an expert in... nameology.

      --
      "16MB (fuck off, MiB fascists)" - The Mighty Buzzard
  17. Not new by physburn · · Score: 1
    People have been using coloured matrices of keys, since the days of 8 bit games, for example JetSet Willy had one back in 1982 or 3.

    ---

    Cryptography Feed @ Feed Distiller

  18. I think it could be a bad idea by Anonymous Coward · · Score: 0

    you need that much security, for some reason I am 1000000% curious of what you are doing now. If you had an old 286 machine in the corner I would likely just ignore it

  19. Re:Another plausible scenario I have to watch out by Merc248 · · Score: 5, Funny

    "Defecate thy papyrus!"

    --
    "Hegelians, who love a synthesis, will probably conclude that he wears a wig." - Bertrand Russell
  20. And this is practical, how? by he-sk · · Score: 3, Insightful

    Do people actually use the systems they produce and sell?

    --
    Free Manning, jail Obama.
    1. Re:And this is practical, how? by Arthur+Grumbine · · Score: 3, Funny

      Safeberg also announced that their official position is that "dog food tastes terrible".

      --
      Now that I think about it, I'm pretty sure everything I just said is completely wrong.
  21. Backup by pavon · · Score: 2, Insightful

    Since the purpose of this is to backup critical data, you want to make darn sure that you never lose the key, or all the data is worthless. Storing pieces of paper securely and safe from disaster is something that we have been doing for years, and you don't have to look very far for a solution. On the other hand, most safes, fire boxes and safety deposit boxes will still get hot enough in a fire to destroy any digital media stored in them. Paper offers a simple, traditional backup while something like a smart-card could be used on a day to day basis.

  22. the question is mute by Anonymous Coward · · Score: 1, Insightful

    This is so obviously an advertisement for the Safeberg product... but also is so stupid of an idea that: ok, I'll bite.

    Storing your key as a UPC graphic is NO MORE SECURE than printing out the hex characters in human readable format. Granted it takes more time to manually copy... But what? You think that your thief doesn't have a camera on hand to peruse your key later or just steal the paper? This is called security by obscurity... which doesn't count towards security in a meaningful way.

    Then there is the paper vs other storage formats. How the heck does this company believe that putting digital keys on paper is any more secure than putting them onto a digital storage medium. If data is burned onto a CD or stored onto a USB key and removed from the computer... it is just as "offline" as any other non-digital object. So what's with the paper.

    Are you looking to save money? Paper vs USB/CD? Not relevant unless you have thousands of keys and want to individually secure or release them on demand. So for the average user or business... there is no cost savings benefit.

    Also, USB is physically strong. Depending on the housing, you can usually put it through the washing machine or run over it with a car. Do that with paper.

    This is so ridiculous. Some guy must have thought this was a brilliant idea at one time. Too bad he wasted so much money on this idea by setting up a bogus website to appear as a valid company with good/usable ideas. Please avoid this product and their proprietary suggestions at all costs. I think their concept is actually a reduction in data security and integrity.

    IMO, based on the video and what I read on their site... Safeberg is a very bad company with very bad ideas.

    Real Solution: put your digital keys on USB. Store your USB in a safe private place. Call a bank and get a lock box.

    1. Re:the question is mute by localman57 · · Score: 1

      moot.

    2. Re:the question is mute by Anonymous Coward · · Score: 0

      Paper's advantages over USB flash drives:

      USB flash drives have not been given the test of time (over a decade) in the real world. I have CDs I've burned from over 15 years ago, which work fine. I have DLT IV tapes and Travan tapes from the early 1990s that work without issue. USB flash drives are still a new technology.

      Paper can take an EMP blast. The chip in a USB flash drive will have its leads turn into antennas and cook the data should something like that happen.

      People know how to deal with paper, and have been able to, for thousands of years. You drop the printout into your fire resistant cabinet and call it done. Electronic media has to be kept far cooler than the 451 degrees paper incinerates at. Of course, there is still water damage, but many generations of librarians have been taught in long term preservation of paper documents. There is nowhere near this knowledge of preservation of electronic media.

      Paper can be checked easily for damage by the naked eye. A USB flash drive that is dead appears just like one that is working.

      IMHO, the best solution: Multiple levels of backup. Use Safeberg's technology to store critical documents and protect them from regional destruction (obviously putting the printed key in locations geographically separate.) Use this in combination with a D2D2T system. Have a backup server copy data daily (or in some cases use the automatic document replication so data gets copied every few minutes) to disk. Then every so often, copy the data stored on the backup server's RAID to tape, with a backup set of tapes going to Iron Mountain. This type of planning not just covers the "oh shit" type of incidents when some admin does the dd if=/dev/zero of=/dev/sda while ssh-ed into the wrong machine, but it also covers a complete loss of a site due to an earthquake or flood. The backup server provides an easy way to do bare metal restores (either restoring via the network, or copying the backup volume to an external drive and restoring locally to the downed machine), while the offsite storage of documents on Safeberg's site provides protection of the critical core documents a company has, such as tax records.

  23. Does the key have to be printed on paper? by Rhacman · · Score: 1

    Could it perhaps be printed on say, a cracker? That fellow that swallowed the USB flash drive to prevent investigators from using it for evidence might be interested.

    --
    Account -> Discussions -> Disable Sigs
  24. Ahhhh! by Anonymous Coward · · Score: 0

    I just spilled coffee on the bar code!

    (Just a what-if scenario.)

    1. Re:Ahhhh! by geminidomino · · Score: 1

      I just spilled coffee on the bar code!

      You got bar code in my coffee!

  25. Ummmm.... by jemenake · · Score: 3, Interesting

    I'm not sure I grok this notion of not storing the key with the source machine. I mean... if I can get to the machine you backed up... I don't really need to get to the backup, do I? I've got fresher data right there in front of me.

    Now, if you're really trying to protect some kind of historical record of how your data has progressed over time, then that would be a reason why access to the source computer still didn't get the intruder access to what you're trying to protect... but that's a very special case.

    Dunno. Maybe I'm just missing the point.

    1. Re:Ummmm.... by Anonymous Coward · · Score: 0

      I'm not sure I grok this notion of not storing the key with the source machine. I mean... if I can get to the machine you backed up... I don't really need to get to the backup, do I? [...]

      You want to store the key to your backups with the machine getting backed up by this offsite backup service?

      Dunno. Maybe I'm just missing the point.

      Yes. You are missing the point of backups.

    2. Re:Ummmm.... by Anonymous Coward · · Score: 0

      The source machine burned in a fire, but you're safe and secure since the backup is encrypted. Oh wait! The decryption key was on the source machine and since you were being secure you never copied to another machine! If you had only kept that piece of paper in your bank's safety deposit box instead.

  26. Why not use OpenPGPCard? by Anonymous Coward · · Score: 0

    Why not just use OpenPGPCard 2.0? It supports up to 3072bit RSA keys, and I'm sure bigger keys in the future.
    Just unplug, and it's offline. Seems a lot more secure than a barcode on paper.

  27. hide the key in a book: great idea! by KWTm · · Score: 1

    Simple: you print the key in a blank spot on a random page of War and Peace. Good luck to anybody trying to find it without knowing the page number!

    Hey, that's a great idea! But I guess if someone flips through the book, s/he'd be able to find it. Here's an additional idea: print various fake keys in addition, on other pages, and only you know which page contains the real key. Although I guess, unless you use a lot of fake keys, the enemy would be able to just try each key in turn. Defense to that: combine the key with a password, so they have to break the password for each key they try: simple with 1 key, but not so simple if they have multiple keys to try.

    How do you print the key in a book, anyway?

    --
    404555974007725459910684486621289147856453481154 in hex is "You sank my Battleship?"
    [GPG key in journal]
    1. Re:hide the key in a book: great idea! by mysidia · · Score: 2, Interesting

      You convert it into a Base-52 or Base-26 representation, so all keybits are represented by ordinary letters such as A-Z (you might expand it a little to include common punctuation marks), and underline different characters on the page that correspond to digits of your key..

      Also, you can XOR your 4096 key, by a truly random 4096 bit value.

      Destroy the original key, and print the random number and the XOR result in two different books at completely different places.

      You can XOR it a few more times, and divide the key into 5 or 6 pieces.

      Then go to the library with a pencil one night, and (covertly) store a copy of your key in various books.

      Making plenty of redundant copies of course, and visiting multiple libraries (for fear that part of your key would be unavailable due to someone else having checked out one of your bits).
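Added example (not from the thread and not Safeberg's code): the XOR splitting and letters-only encoding described in the comment above, written out so that every piece is required to rebuild the key. The function names are assumptions, and a random 512-byte string stands in for the 4096-bit key.

```python
import secrets
import string

ALPHABET = string.ascii_uppercase  # base-26 digits, A = 0 ... Z = 25


def xor_bytes(a, b):
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def split_xor(secret, pieces):
    """Split secret into `pieces` shares; ALL of them are needed to rebuild it.

    pieces-1 shares are uniformly random pads, the last is the secret XORed
    with every pad, so any incomplete subset looks like random data.
    """
    if pieces < 2:
        raise ValueError("need at least two pieces")
    pads = [secrets.token_bytes(len(secret)) for _ in range(pieces - 1)]
    last = secret
    for pad in pads:
        last = xor_bytes(last, pad)
    return pads + [last]


def combine_xor(parts):
    """XOR all shares together; only the complete set yields the secret."""
    result = bytes(len(parts[0]))
    for part in parts:
        result = xor_bytes(result, part)
    return result


def letters_needed(nbytes):
    """Smallest number of base-26 letters that can hold nbytes bytes."""
    target, capacity, width = 256 ** nbytes, 1, 0
    while capacity < target:
        capacity *= 26
        width += 1
    return width


def to_letters(data):
    """Fixed-width base-26 encoding, so leading zero bytes are not lost."""
    number = int.from_bytes(data, "big")
    digits = []
    for _ in range(letters_needed(len(data))):
        number, remainder = divmod(number, 26)
        digits.append(ALPHABET[remainder])
    return "".join(reversed(digits))


def from_letters(text, nbytes):
    """Inverse of to_letters; raises on characters outside A-Z or overflow."""
    number = 0
    for ch in text:
        number = number * 26 + ALPHABET.index(ch)
    return number.to_bytes(nbytes, "big")


if __name__ == "__main__":
    key = secrets.token_bytes(512)        # constructed stand-in key material
    shares = split_xor(key, 5)
    written = [to_letters(s) for s in shares]
    print("letters per share:", len(written[0]))
    restored = combine_xor([from_letters(w, 512) for w in written])
    print("all five shares restore the key:", restored == key)
    print("four shares restore the key:", combine_xor(shares[:4]) == key)
```

Because every share is required, the redundant copies the comment mentions are what protect against loss: one unrecoverable share makes the key unrecoverable.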

  28. Paper tape by rlp · · Score: 1

    You could use long strips of paper with holes punched in it (or not punched). Or you could build one of these with a somewhat longer strip of paper.

    --
    [Insert pithy quote here]
  29. Re:suck my dick, linux faggots by eric2hill · · Score: 1

    Interesting? Seriously? Roflmaowaghm!

    --
    LOAD "SIG",8,1
    LOADING...
    READY.
    RUN
  30. google docs as safe as email. by barv · · Score: 1

    It is extremely convenient to use google documents to store current work online. Access is available from anywhere. I believe a 4096 RSA key is totally unnecessary for protection because the password is for entry to the online vault, not to decrypt a downloadable document. Presumably an online vault would object to even a dictionary attack. Most online vaults (e.g. mail accounts) close up for a time after three failed attempts.

    If the account is compromised, it is almost certainly because the owner was not careful about the security of their password. Or maybe the owner chose a password like their birthdate, or used the same password as for the website dodgyfellows.com

  31. ECC only requires 75 chars by joeku98 · · Score: 1

    ECC-521 exceeds RSA4096 in terms of security strength, and it would only require approx 75 ascii chars to represent the key. It's still ridiculously long, but it's certainly much shorter than the 800 chars required by RSA4096!

    1. Re:ECC only requires 75 chars by russotto · · Score: 1

      ECC-521 exceeds RSA4096 in terms of security strength, and it would only require approx 75 ascii chars to represent the key.

      Certicom has a bunch of patents on ECC, though. RSA is unencumbered as the patents on modular exponentiation in a cryptosystem actually expired.

    2. Re:ECC only requires 75 chars by julesh · · Score: 1

      Certicom has a bunch of patents on ECC, though.

      ECC was first published in 1985. AIUI, Certicom would have had 2 years from this date to file for any patents related to that technique. Any patents on the original idea should therefore have expired 2 years or more ago. I believe Certicom has patents on some specific implementations that are improvements over the original implementation, but these can be worked around by simply using the technique as it was originally published.

      OpenSSL includes an ECC implementation, and AFAIK Certicom have never threatened any action against them.

  32. If companies that use this level of security... by Rivalz · · Score: 1

    If the companies that need this level of security are anything like the one I work for then they are in serious trouble. More likely yet instead of printing the file and tucking it away I will just save it as a pdf on the public web folder. We might spend big bucks developing the data but I'm sure our printer that they would use to generate the key would have a bad print head at just the right time for this key to be generated when we need to recover it. And can you imagine what the back door entry key for the NSA might look like when printed. I can imagine it being NSFW when you look at it from a distance.

  33. Store private keys on paper? by Anonymous Coward · · Score: 0

    http://www.jabberwocky.com/software/paperkey/

    No affiliation, but thought it worth a mention. Also not affiliated with the following, which would've been a million times more useful as open source:

    http://www.xerox.com/Static_HTML/xsis/dataglph.htm

    This is presumably also (or similar to) the technology behind photocopiers and such detecting images of money.

  34. Not any more secure by Anonymous Coward · · Score: 0

    Or you might consider it no more secure than a 64-bit key, as the entire scheme is based solely on computational power and assumes that there will be no significant breakthrough in that area. Computing power is still based largely on the number of transistors we can put on a chip and the cycles per second (currently GHz range) we can operate them. Before computation was electrical, it was mechanical. Before it was mechanical, it was manual.

    Quantum computing offers a possibility far beyond standard electrical (transistor) based computing. Even if Quantum computing is never fully realized or does not live up to expectations, it is extremely pessimistic (bordering on irrational) to assume that we won't realize computing power capable of handling far more than 4096-bit keys. Yes yes. I know. The time-investment issue. Follow the curves over the last 100 years and this will still be trivial.

    1. Re:Not any more secure by Thiez · · Score: 1
      Bruce Schneier has written something interesting that kinda counters your post. Here we go:

      One of the consequences of the second law of thermodynamics is that a certain amount of energy is necessary to represent information. To record a single bit by changing the state of a system requires an amount of energy no less than kT, where T is the absolute temperature of the system and k is the Boltzmann constant. (Stick with me; the physics lesson is almost over.)

      Given that k = 1.38×10^-16 erg/Kelvin, and that the ambient temperature of the universe is 3.2Kelvin, an ideal computer running at 3.2K would consume 4.4×10^-16 ergs every time it set or cleared a bit. To run a computer any colder than the cosmic background radiation would require extra energy to run a heat pump.

      Now, the annual energy output of our sun is about 1.21×10^41 ergs. This is enough to power about 2.7×10^56 single bit changes on our ideal computer; enough state changes to put a 187-bit counter through all its values. If we built a Dyson sphere around the sun and captured all its energy for 32 years, without any loss, we could power a computer to count up to 2^192. Of course, it wouldn't have the energy left over to perform any useful calculations with this counter.

      But that's just one star, and a measly one at that. A typical supernova releases something like 10^51 ergs. (About a hundred times as much energy would be released in the form of neutrinos, but let them go for now.) If all of this energy could be channeled into a single orgy of computation, a 219-bit counter could be cycled through all of its states.

      These numbers have nothing to do with the technology of the devices; they are the maximums that thermodynamics will allow. And they strongly imply that brute-force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space.

      Source: http://www.schneier.com/blog/archives/2009/09/the_doghouse_cr.html

      The above text applies to symmetric-key crypto, such as AES, and it's slightly different for asymmetric-key algorithms (they are less secure than their keysize would suggest compared to most symmetric-key algorithms) such as RSA. With quantum computers, public key will be pretty much screwed, but symmetric-key should be safe for the foreseeable future (and that is more than enough for almost every situation).

  35. Idiotic by evilviper · · Score: 3, Funny

    This makes absolutely no sense. Smart cards have been around for many years now. There, you NEVER give ANYONE or anything access to your private key. Challenge-response, one-time-passwords, tokens, etc, etc. Putting it on paper is LESS SECURE than sticking it on a thumb drive. Then at least it can't be stolen by taking a picture...

    --
    Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
    1. Re:Idiotic by julesh · · Score: 1

      This makes absolutely no sense. Smart cards have been around for many years now. There, you NEVER give ANYONE or anything access to your private key. Challenge-response, one-time-passwords, tokens, etc, etc. Putting it on paper is LESS SECURE than sticking it on a thumb drive. Then at least it can't be stolen by taking a picture...

      Smart card reader/writer hardware is expensive and not widely installed. The cards themselves aren't cheap (about $3 each for cards capable of mutual authentication last time I looked) and have a short lifespan (typically around 5 years, if kept in a rigid case, or 2-3 if kept loose, from what I've read). Mostly, they're limited to 1024- or 2048-bit RSA; I haven't seen one that'll work with 4096-bit keys.

      A barcode can be trivially read on any PC with a webcam or connection to a digital camera with the trivial installation of additional software. Yes, it's less secure, but it's a hell of a lot more convenient.

    2. Re:Idiotic by evilviper · · Score: 1

      A barcode can be trivially read on any PC with a webcam or connection to a digital camera with the trivial installation of additional software. Yes, it's less secure, but it's a hell of a lot more convenient.

      A file on a USB thumb drive can be trivially read on any PC with a USB port. No digital camera, no webcam, no extra software needed. It's more secure than paper, and much, much more convenient.

      --
      Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
    3. Re:Idiotic by julesh · · Score: 1

      A file on a USB thumb drive can be trivially read on any PC with a USB port. No digital camera, no webcam, no extra software needed. It's more secure than paper, and much, much more convenient.

      Yes, but how sure are you that if you leave it in a filing cabinet for 10 years it'll still work when you come back to it? How about in 20 or 50 years? Data on electronic media has a limited shelf-life, particularly flash which stores data in a retained electronic charge which will gradually decay. Data printed on paper can last for hundreds of years with relative ease.

    4. Re:Idiotic by evilviper · · Score: 1

      Yes, but how sure are you that if you leave it in a filing cabinet for 10 years it'll still work when you come back to it?

      Very sure, because I'll make 20 copies for a few dollars, and store several at off-site locations, to guarantee one survives, no matter what.

      Data printed on paper can last for hundreds of years with relative ease.

      No it can't. WORDS written on paper can last for a very long time, because it's very low density, and very predictable, so it can be recovered even after substantial degradation. Once you start going for higher densities, you're worse off using paper than you would be encoding it on a digital medium like a CD/DVD.

      Even if paper has a longer shelf-life, it has NO durability against handling, or any other form of abuse. Additionally, the benefit of digital has always been the trivial ease of transferring multiple copies to different devices, and to newer media (once every 20 years)...

      And finally, yes, Flash is quite durable:

      Typical Data Retention for Freescale Semiconductor NVM Technologies

      Using the above definition, the following NVM technologies from Freescale Semiconductor are capable of achieving greater than 100 years of intrinsic data retention.

      http://www.freescale.com/files/microcontrollers/doc/eng_bulletin/EB618.pdf

      --
      Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
  36. Punched Paper Tape!!!! by Anonymous Coward · · Score: 0
    Finally a reason to revive punched paper tape!

    http://en.wikipedia.org/wiki/Paper_tape Longevity. Although many magnetic tapes have deteriorated over time to the point that the data on them has been irretrievably lost, punched tape can be read many decades later, if printed on Acid free paper.

    Also: http://obsoleteskills.com/skills/usingpapertapeforprogramming

    It's lightweight and the readers can be dead simple: photo detectors using ambient light with the tape being manually pulled through the reader. If you want ultra reliability then use mylar plastic tape. The punches are more of a pain in the ass, but they are also not very complex.

    The real win is that you get to play with the punch chad!

  37. Pants? Hmm! by Zancarius · · Score: 2

    Hang on! let me get my giant barcode out of my pocket!

    That's just the thing... a printed key is just one washing machine away from complete and total disaster at the data center.

    --
    He who has no .plan has small finger. ~ Confucius on UNIX
  38. paperkey and libdmtx by c_g_hills · · Score: 3, Informative

    See http://www.mail-archive.com/gnupg-users@gnupg.org/msg10827.html.

    The original paperkey software takes out the redundant key material for a smaller amount of data. You can restore the original key by combining the output with the public key.

    To encode:

    gpg --export-secret-key (thekey) | paperkey --output-type raw | dmtxwrite -e8 -f pdf > my_pdf_file.pdf

    You can pass pdf, eps, svg, etc, to the -f option. Use 'dmtxwrite -l' to get a list of all supported image formats.

    To decode:

    dmtxread -N1 my_pdf_file.pdf | paperkey --pubring ~/.gnupg/pubring.gpg > my_new_secret_key.gpg

    1. Re:paperkey and libdmtx by owlstead · · Score: 1

      As the key was stored in less than 8Kib (see http://it.slashdot.org/comments.pl?sid=1570350&cid=31352310), I presume only the private exponent is stored in this scheme as well. Although the key size is 4Kib that does not mean that the encoding of the complete private key material fits within 4Kib as well.

      The modulus part can be left out if you can retrieve the public key from somewhere (e.g. in a header or container format).
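The point made in this sub-thread, that only the secret part needs to go on paper because the rest can be rebuilt from the public key, shown with raw RSA numbers. This is an added example, not code from the thread or from paperkey, and it does not reproduce paperkey's file format; the two Mersenne primes are constructed stand-ins for real random primes, and all function names are hypothetical.

```python
from math import gcd

# Constructed toy values: two known Mersenne primes stand in for secret random primes.
# Never use structured primes like these for a real key.
P = 2**521 - 1
Q = 2**607 - 1
E = 65537


def public_key(p, q, e):
    """The part that can live anywhere (keyserver, backup header, container)."""
    return {"n": p * q, "e": e}


def paper_secret(p, q):
    """The only bytes that must go on paper in this sketch: the smaller prime."""
    s = min(p, q)
    return s.to_bytes((s.bit_length() + 7) // 8, "big")


def restore_private_key(paper, pub):
    """Rebuild every private component from the paper bytes plus the public key."""
    p = int.from_bytes(paper, "big")
    n, e = pub["n"], pub["e"]
    # A damaged or mismatched printout fails here instead of yielding a bad key.
    if p <= 1 or p >= n or n % p != 0:
        raise ValueError("paper secret does not match this public key")
    q = n // p
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("public exponent is not invertible for these primes")
    d = pow(e, -1, phi)  # private exponent (Python 3.8+)
    return {
        "n": n, "e": e, "d": d, "p": p, "q": q,
        "dp": d % (p - 1), "dq": d % (q - 1),  # CRT exponents
        "qinv": pow(q, -1, p),                 # CRT coefficient
    }


def crt_decrypt(c, key):
    """Textbook RSA decryption via CRT, exercising the rebuilt components."""
    m1 = pow(c, key["dp"], key["p"])
    m2 = pow(c, key["dq"], key["q"])
    h = (key["qinv"] * (m1 - m2)) % key["p"]
    return m2 + h * key["q"]


def stored_bytes(key):
    """Size of all private-key fields if every one of them were written out."""
    fields = ("n", "e", "d", "p", "q", "dp", "dq", "qinv")
    return sum((key[f].bit_length() + 7) // 8 for f in fields)


if __name__ == "__main__":
    pub = public_key(P, Q, E)
    paper = paper_secret(P, Q)
    key = restore_private_key(paper, pub)
    print("bytes on paper:", len(paper))
    print("bytes in full private key:", stored_bytes(key))
    c = pow(1234567890, pub["e"], pub["n"])
    print("round trip ok:", crt_decrypt(c, key) == 1234567890)
```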

  39. Background Image by Anonymous Coward · · Score: 0

    Did anyone else notice that the background image used throughout most of the video is a BSOD? Is this reverse-subliminal-advertising, or what?

  40. Smartcard anyone? by CrashandDie · · Score: 1

    Anyone ever heard about a smartcard? Generate the key on the smartcard, it never has to be exported (unless you want key recovery and escrow, in which case you need the CA to generate the key).

    Last time I heard, 144k cards (GnD makes 'em, amongst others [Gemalto]) could store 4 2048 keys (a Java card has applets, an applet is basically a container on the card, which will define what size keys can be used/generated. Consider 'em partitions, but more complicated), so my guess would be that you could store a 4096 key without any problem, though, I've never seen it in practice.

  41. Nah... by Anonymous Coward · · Score: 0

    I'll repeat this about... eight? times.

    3.1415926535897932384626433832795028814973993751058

    1. Re:Nah... by Anonymous Coward · · Score: 0

      Not that bad. There's a good chunk of entropy in the wrong digits after 288.

  42. I'll hold out by egcagrac0 · · Score: 2, Interesting

    ... until there's a 640kbit key. 640k ought to be enough for anybody.

    But seriously, it was just a few years back when we thought 128bit keys were unbreakably long. Now 2048bit is standard, and about to get broken. 4096bit isn't enough right now. 16kbit is just about right, but that will get broken in early 2015.

    1. Re:I'll hold out by Urd.Yggdrasil · · Score: 1

      Are you sure you aren't confusing symmetric and asymmetric crypto keys? I don't think 128 bit has ever been considered unbreakable for asymmetric keys, 1024-2048 has been the standard for asymmetric since I have known about it. For symmetric, 128 bit is still considered secure and is still the standard for AES, although many applications are moving to 256 bit.

    2. Re:I'll hold out by egcagrac0 · · Score: 1

      "Adequate" is a moving target. To hit a moving target, you aim for where the target will be, not where it is now.

      Processors are getting cheaper, thousand node botnets aren't unheard of. That's today. My guts are telling me we hear about some brilliant new attack on RSA or similar algorithm every 8 months, which cuts the time to solve by 90%.

      Back in the olden days, people thought that 56bit DES was hot stuff (they were wrong). Processors are now measured in Gigahertz instead of Megahertz - 3 orders of magnitude. Multiply that by the number of cores - 4 in a desktop is pretty common, 12 in a server isn't ridiculous - and that server, which would have classed as a "supercomputer" 15 years ago is now only $5000 - there's a lot of horsepower. Now we're thinking that 2 more orders of magnitude on the keylength is going to save us? (see below)

      Who knows what tomorrow will bring?

      (the below part: I know that key complexity isn't linear. I also know that brute force attacks aren't getting more expensive, and that the only defense is to make recovery prohibitively expensive for an attacker - that the data they get won't be useful after the time they spent getting it. I also feel just a bit justified for saying 16kbit - since our friends linked in TFS are saying 15kbit.)

      TLDR: Ridiculously longer keys are probably smart.

    3. Re:I'll hold out by paul248 · · Score: 1

      You're confusing symmetric with asymmetric encryption. 128 bits is still pretty good for a symmetric key (like AES), while 2048 bits is pretty good for an asymmetric key (like RSA).

    4. Re:I'll hold out by julesh · · Score: 1

      I don't think 128 bit has ever been considered unbreakable for asymmetric keys, 1024-2048 has been the standard for asymmetric since I have known about it.

      For RSA-style asymmetric. Elliptic curve algorithms have entirely different key lengths; the longest broken to date is (IIRC) 112 bits, and the NSA consider 224 and 256 bits good enough for secret & top secret data respectively (hence equivalent to 3048-bit and 4096-bit RSA).

    5. Re:I'll hold out by Anonymous Coward · · Score: 0

      No. You confuse symmetric with asymmetric key length.

    6. Re:I'll hold out by egcagrac0 · · Score: 1

      No, I'm not confusing symmetric with asymmetric. Really. You can all buy me a subscription to apologize when it turns out that 16384 bit RSA is cracked in 2015.

      Our definitions of "good enough" may differ somewhat.

    7. Re:I'll hold out by owlstead · · Score: 1

      Nonsense.

      First 128 bit keys were always too short for RSA keys, that's for symmetric keys.
      2048 bit is far from standard, just take a look at your browser's certificate store and especially the certificates of many sites.
      2048 bit is far from being broken. Although the security of RSA is non-linear with key-length, breaking 2048 bits is way way more difficult than breaking 1024 bit keys.
      4096 bit is more than enough for "Long-term protection: Generic application-independent recommendation, protection from 2009 to 2040" according to eCrypt II (see link below).
      16Kib is longer than the recommendation against "quantum computers", by which they don't mean 4 qubit quantum machines that can break 2x2 sudoku's, and then it would make much more sense to switch to Elliptic Curve Cryptography anyway (if Microsoft ever upgrades their crypto libs to fully support ECC instead of a limited set of NIST curves of course).

      For a better description of key sizes and their estimated security please take a look at http://www.keylength.com/ .

      Mods, this is a rather obvious troll, please mod parent DOWN.

    8. Re:I'll hold out by Anonymous Coward · · Score: 0

      ... until there's a 640kbit key. 640k ought to be enough for anybody.

      But seriously, it was just a few years back when we thought 128bit keys were unbreakably long. Now 2048bit is standard, and about to get broken. 4096bit isn't enough right now. 16kbit is just about right, but that will get broken in early 2015.

      128bit RSA keys were never unbreakably long. Coincidentally, they were also never used.

      You are confusing asymmetric crypto (like RSA) using thousands of bits with symmetric crypto (like DES, AES...) ranging from less than hundred to a few hundred bits.

      http://en.wikipedia.org/wiki/Asymmetric_crypto
      http://en.wikipedia.org/wiki/Symmetric-key_algorithm

    9. Re:I'll hold out by Curien · · Score: 1

      >it was just a few years back when we thought 128bit keys were unbreakably long. Now 2048bit is standard

      No one *ever* thought 128 bit asymmetric keys were relatively secure, and no one would consider 2048 bit symmetric keys to now be standard. You compared symmetric key lengths to asymmetric key lengths. Really.

      --
      It's always a long day... 86400 doesn't fit into a short.
    10. Re:I'll hold out by Anonymous Coward · · Score: 0

      Those are different kinds of keys, symmetric versus asymmetric. 256 bit symmetric keys are still quite standard and safe. 128 bit asymmetric haven't been for a long, long time.

    11. Re:I'll hold out by egcagrac0 · · Score: 1

      Not trolling, actually. Possibly naive. Probably paranoid.

      You don't get to maintain control of all copies of the codetext (if you did, why bother encrypting?). The goal of encryption is to protect against future interception. Since we don't get to just move the documents into a newer, stronger, safer enclosure, we need to make sure that the enclosure we put them in is strong enough up front.

      Most people don't care about website authentication (beyond "address bar is green"), and since the CA's that people pay to get their certificates charge more for longer certificates, most people don't pay the premium price. They buy "good enough", and lean toward the cheaper side.

      We're talking about protecting a data store (of goodness knows what - possibly incriminating evidence, possibly highly valuable trade secrets) against unintended future retrieval; I don't think that 4096 is long enough for that, in two years. 2048 is plenty long in a revocable key arrangement for authentication purposes, today.

      We're gambling on where the state of the art with brute forcing hardware will be tomorrow, and that gets moved dramatically as smart crypto types figure out elegant attacks.

      Now, if I had just said "Let's use Dual_EC_DRBG! It's totally safe!" that'd be either funny or troll.

    12. Re:I'll hold out by pilardi · · Score: 1

      The point still stands that you were confusing symmetric and asymmetric keys. The largest RSA symmetric key that has been cracked is 64 bits, and that took ten years of an organized distributed process. Even taking Moore's law into account, 128bit keys will be secure for about 100 years. Only an unexpected breakthrough (such as quantum computing or discovered serious flaw in the algorithm) would speed that up.

    13. Re:I'll hold out by owlstead · · Score: 1

      Nah, if you aren't trolling then you are at the least guilty of gross neglect. You are so far out of the box (when you are not blatantly wrong) that warning persons of such fact is negligence. But it is far more likely that you are completely unaware of the current state of crypto. Or you are fearmongering, which I assumed.

    14. Re:I'll hold out by egcagrac0 · · Score: 1

      I'll admit I'm probably out of touch with the current state of crypto.

      I remember a time when DES (56 bit symmetrical) was revered as high security. Then, a few years later, a test showed it was cracked in 56 days. Then, a year later, it was 2.4 days. Then, a few years later, it was under 1 day.

      Once upon a time, we thought computers with 640k of RAM were huge. Now, you can buy a machine with 128gigabytes of RAM and 24 processor cores for about the same price as a small car. My first hard drive was 10 megabytes - I've now got a USB drive the size of my thumbnail that holds 4gigs, and that's old. Lots of numbers that used to seem huge now seem trivial. I have to believe we're going to see the same scale of changes in crypto, within my lifetime.

      I've seen some technological evolution over the years. I don't want to be on the receiving end of a nasty surprise in a few years because I guessed wrong.

      Fearmongering? Maybe. It's only paranoia if they aren't actually out to get you. If they actually are out to get you, it's called caution.

    15. Re:I'll hold out by owlstead · · Score: 1

      Well, I can understand where you are coming from, but at least do some research before making comments like your initial post.

      I can count to 2^8 pretty fast. 2^16 is only twice as large, but I've never ever counted that high. For 2^32 you need a computer and for 2^64, well, let's just say that it'll take a very very long time even for a super computer. 2^128 is more than any computer will count to, ever. 2^256 is getting close to the estimated number of atoms in the universe (!).

      If anything, trust number theory and exponents. If a single RSA 2048 key is cracked in the next year then it's because the algorithm failed (which is also not likely), not because the key was too small. AES-128/RSA-2048/SHA-256 is very safe already, if you are paranoid use AES-256/RSA-4096/SHA-512. Currently cryptography is ahead of crypto-analysis, and unless there is a significant breakthrough this is not going to change the next two years.

      Sorry I marked you troll, but - as said - your post is completely off the mark and got modded interesting or insightful. Be careful to make such remarks when you are not in the area of expertise.

    16. Re:I'll hold out by egcagrac0 · · Score: 1

      No worries. Paranoid people like me don't do online backups anyway.

      The paper key is fascinating and all, and probably a good idea. Carry on. (I may start backing up my (longer) keys that way, in fact.)

  43. Gonna need a new printer... by DieByWire · · Score: 1

    I'm going to need a new printer. One that I can run my post-it-notes through. Then I can print out this new bar code thingy and stick it on my monitor.

    --
    Never shake hands with a man you meet in a fertility clinic.
  44. Hang on a minute by Nazlfrag · · Score: 2, Funny

    Does it come with a sticky backing so I can put it next to all the passwords I wrote down?

    1. Re:Hang on a minute by L4t3r4lu5 · · Score: 1

      Put it on the back of a Postit and stick it in front of your webcam.

      It's like Autocomplete!

      --
      Finally had enough. Come see us over at https://soylentnews.org/
    2. Re:Hang on a minute by RivenAleem · · Score: 1

      I recommend using a drawing pin to affix the password to the soft part of your screen

  45. I'll save you some money by dangermonkeyboy · · Score: 4, Informative

    $ gpg --export | dmtxwrite --encoding=8 --format=PNG | lp

    To be honest, I thought trusted paper keys were already common knowledge among geeks:

    http://en.wikipedia.org/wiki/Trusted_paper_key

    1. Re:I'll save you some money by dangermonkeyboy · · Score: 1

      Whoops. That should be "--export-secret-key" and "--format=PS".

      Even better, just ignore my message and find the superior post on this topic by c_g_hills above.

      Yeah, I stink at slashdot.

    2. Re:I'll save you some money by Hurricane78 · · Score: 1

      Man, you all complain about fingerprint scanners, and then you use something that is just as insecure.

      I use a smart-card in a class 3 reader with display and pinpad. The key never leaves the reader. And in case of danger, I just need to destroy the card.

      Of course I’m still fucked, if someone manages to get the card intact and tries to torture me.
      Or just if someone is just ignoring that I just wrecked my own and only access to the system. (But at least my data will be safe, when I’m beat to pulp. ;)

      (The only solution to that would be a storage that destroys itself if its timer is not reset from time to time. And the timer could only be reset with the use of the card and key.)

      --
      Any sufficiently advanced intelligence is indistinguishable from stupidity.
  46. But how? by ColaMan · · Score: 1

    But how to store an 800-character key offline?

    Uhm, 10 lines of 80 characters? 20 lines of 40 characters, if you think 80 in one hit might make you cross-eyed. Is it that hard to manually type in? For a backup copy that you will only ever be likely to type in once or twice, ever?

    Or is this just another Slashvertisement(tm)?

    --

    You are in a twisty maze of processor lines, all alike.
    There is a lot of hype here.
  47. If you want to put an RSA private key on paper... by Anonymous Coward · · Score: 0

    You could just print a 256-bit random number on the paper. That feeds a keystream generator (AES-256-CTR, say), which is used as the random number source of a standard RSA private key generator. It would be relatively slow to regenerate your private key -- lots of primality tests and yadda yadda -- and the keygen code would have to have precisely specified cross-platform behavior so the same random number stream always produced the same private key. But you could do it!

    It's sort of the flipside of exchanging public key fingerprints: in both cases, a little fun with symmetric algorithms allows you to only print out a small private-key-sized number instead of a much longer asymmetric key.
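The scheme proposed in the comment above, regenerating an RSA key from a printed 256-bit seed, as an added sketch that is not code from the thread. It swaps the suggested AES-256-CTR keystream for SHA-256 in counter mode so that it runs on the Python standard library alone; the class and function names, the 40 Miller-Rabin rounds and the trial-division bound are assumptions of this example.

```python
import hashlib
from math import gcd


class SeedStream:
    """Deterministic byte stream: SHA-256(seed || counter), a stand-in for AES-256-CTR."""

    def __init__(self, seed):
        if len(seed) != 32:
            raise ValueError("seed must be exactly 256 bits")
        self.seed, self.counter, self.buf = seed, 0, b""

    def read(self, n):
        while len(self.buf) < n:
            block = self.seed + self.counter.to_bytes(8, "big")
            self.buf += hashlib.sha256(block).digest()
            self.counter += 1
        out, self.buf = self.buf[:n], self.buf[n:]
        return out

    def randbits(self, bits):
        nbytes = (bits + 7) // 8
        return int.from_bytes(self.read(nbytes), "big") >> (nbytes * 8 - bits)

    def randrange(self, lo, hi):
        """Uniform integer in [lo, hi) by rejection sampling."""
        span = hi - lo
        while True:
            r = self.randbits(span.bit_length())
            if r < span:
                return lo + r


# Odd primes below 2000 for cheap trial division before Miller-Rabin.
SMALL_PRIMES = [p for p in range(3, 2000, 2)
                if all(p % d for d in range(3, int(p ** 0.5) + 1, 2))]


def is_probable_prime(n, stream, rounds=40):
    """Miller-Rabin whose witnesses come from the seed stream, so the result is repeatable."""
    if n < 2 or n % 2 == 0:
        return n == 2
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(stream.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits, e, stream):
    while True:
        # Force the top two bits so p*q has exactly 2*bits bits, and the low bit so it is odd.
        cand = stream.randbits(bits) | (3 << (bits - 2)) | 1
        if gcd(e, cand - 1) == 1 and is_probable_prime(cand, stream):
            return cand


def rsa_from_seed(seed, modulus_bits=4096, e=65537):
    """Same seed and same parameters give the same key on any platform.

    Changing rounds, the trial-division bound or the order of draws changes how
    much of the stream is consumed and therefore yields a different key, which is
    why the comment insists on precisely specified keygen behaviour.
    """
    stream = SeedStream(seed)
    p = gen_prime(modulus_bits // 2, e, stream)
    q = gen_prime(modulus_bits // 2, e, stream)
    while q == p:
        q = gen_prime(modulus_bits // 2, e, stream)
    d = pow(e, -1, (p - 1) * (q - 1))  # Python 3.8+
    return {"n": p * q, "e": e, "d": d, "p": p, "q": q}


if __name__ == "__main__":
    demo_seed = bytes(range(32))  # constructed sample seed, not a secret
    key = rsa_from_seed(demo_seed, modulus_bits=1024)  # small size keeps the demo fast
    print("modulus bits:", key["n"].bit_length())
    print("regenerated identically:", key == rsa_from_seed(demo_seed, modulus_bits=1024))
```

The printed seed is exactly as sensitive as the private key it regenerates, so it needs the same physical protection as a full paper key.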

  48. Not seeing the strength of this set up... by Junior+J.+Junior+III · · Score: 1
    • Paper can be burned, torn, folded, spindled, and mutilated
    • Paper can be stolen, photocopied, faxed.
    • When your (un-trusted) computer takes a picture of the key paper, a camlogger could intercept the key, compromising it.

    Bottom line, the key needs to turn into machine-read data at some point in order to interface with the crypto system and unlock your data, no matter what. Moving it to a piece of paper doesn't make it any more secure than storing it on a read-only USB key that you only plug into your computer when you need to decrypt something, or a smart card.

    In any event, if you really don't trust the PC, you have no business using it to decrypt anything at all. It'd be like entering your super secret PIN number at an ATM while some guy you don't know is standing right there watching you do it. As soon as it's decrypted any vulnerabilities of the host system can be used to gain access to the decrypted data.

    --
    You see? You see? Your stupid minds! Stupid! Stupid!
  49. different kinds of cryptographic keys by 0ptix · · Score: 2, Informative

    I think you're mixing up key length for symmetric ciphers (like AES, 3DES, Blowfish, etc.) which are generally quite short like 128 or 256 bits and key lengths for _asymmetric_ cryptosystems which vary much more in length and in the case of RSA are somewhere closer to 2048 and 4096.

    The reason is that for symmetric ciphers we _believe_ to be secure the best an attacker can do is brute force the key space. so that means brute forcing 2^128 or 2^256 possible keys. That's a hell of a lot of work. with current technology probably infeasible.

    but for asymmetric schemes it's not as straightforward. To get a glimpse of why this is think about RSA keys. The public key is an exponent e and an integer n which is the product of two large primes. Now not every string of 4096 bits actually represents such a pair of numbers. (in particular not every bit-string is the product of two primes). so not every string of that length is a valid key. so brute forcing the key space doesn't mean trying every possible string of that length. just the ones which are the product of two primes which is a fair bit less.

    Another reason for comparatively longer keys is this. In general, for many asymmetric cryptosystems there are various attacks known which are still super-polynomial (i.e. inefficient) but are nevertheless sub-exponential which is what a brute force key search would be. so you have to adjust your key length to reflect these faster attacks even if brute forcing wouldn't be feasible even for shorter keys. (I think some examples of such attacks for factoring (which would break RSA) are the Pollard-Rho method, variants of Quadratic Sieve algorithm, and the Elliptic Curve method.)

  50. Obligatory FOSS tinfoil-hat argument by zill · · Score: 1

    Unless you can inspect the entire source code of your digital camera and/or scanner, you cannot guarantee that it's not modifying the image. Thus it's the weakest link in the security system.

  51. Paper Tape by Anonymous Coward · · Score: 0

    How is this really all that different from using paper tape?

  52. Great idea! by Yvan256 · · Score: 1

    Give me a second while I print that thing on thermal paper...

  53. 4096 is trivial to store on paper by davidwr · · Score: 1

    Geesh, in base-64 it's only 683 characters.

    Typed out at 65 characters per line that's less than 11 lines of text. Big deal.

    Any halfway-decent OCR program should be able to read that error-free, assuming you don't spill coffee on it first.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
    1. Re:4096 is trivial to store on paper by julesh · · Score: 1

      Geesh, in base-64 it's only 683 characters.

      Typed out at 65 characters per line that's less than 11 lines of text. Big deal.

      Any halfway-decent OCR program should be able to read that error-free, assuming you don't spill coffee on it first.

      Indeed. The advantage of a barcode is redundancy; AIUI the approach taken will still work even if 30% of the paper is rendered entirely unreadable due to damage.

  54. Uses by Revenger75 · · Score: 0

    Isn't that what post-it notes are for...?

  55. Why not use a smartcard to hold the private key? by fluffy99 · · Score: 1

    I can see some use for this as a secondary method of archiving the private key. Perhaps one that might survive the EMP blast from a nuclear strike. I don't think I wouldn't trust it as a primary method though.

    Personally, I would think that using a smartcard (or two for redundancy) would be a better option. Since the private key never leaves the card once installed, it can't be copied without stealing the card itself. The actual signing, or en/decrypting of symmetric keys happens securely within the smartcard. If someone actually needs to recover some encrypted archive data then they go get the card and use it. The pin to unlock the card can be changed as needed. Otherwise with typical removable media or hard copy of the private key, any person or software that had access in the past could have copied it.

    For an example of a large entity doing this full-scale, just have a look at the DOD CAC program.

  56. Andrew S. Tanenbaum == Ted Stevens? by jonaskoelker · · Score: 1

    Never underestimate the bandwidth of a truck full of tapes hurtling down the highway

    Is that some kind of metaphor for the internet?

    1. Re:Andrew S. Tanenbaum == Ted Stevens? by martas · · Score: 1

      no, he's just saying that bandwidth is defined as bits/second, and if the number of bits is immense, then even something as (relatively) slow as a truck can have high bandwidth. of course the latency is ginormous too...

  57. mod parent up by Anonymous Coward · · Score: 0

    I'm getting tired of this too.

  58. PaperBak anyone ? by sebsauvage · · Score: 1

    PaperBak anyone ? http://ollydbg.de/Paperbak/

    It gives you this kind of prints:
    http://sebsauvage.net/i/ccm/paperback_a4.png
    http://sebsauvage.net/i/ccm/paperback_detail.png

    I save my private GPG key on paper this way.

  59. What about a fscking key? by mu22le · · Score: 1

    ... you fold the paper your 2D key is on? Tears, that's what. Tears.

    Yeah, paper is quite a stupid medium for a key, I mean really, paper? The thing that can be folded, erased, burned, it can fade, get wet...
    Why not a real key? A physical object made of metal or plastic that actually looks somewhat like a key? I know that not everyone can print metal at home but you can "print" a metal key at your local mall and vinyl cutters are getting less and less expensive (you should probably xor the crypto-key with a password, for additional security, if you use someone else's printer). Maybe it would be even possible to make the information stored on the key retrievable by scanning the object with a home scanner.

  60. This comes as an answer to avoid Digital Dark Age by advid.net · · Score: 1
    Thanks /.!
    I was searching for this kind of information after the recent Digital Dark Age topic: http://hardware.slashdot.org/story/10/02/23/2210224/Avoiding-a-Digital-Dark-Age

    I'm looking for a way to store digital info for years. There have been many /. stories about this.
    My conclusion: go for printed 2D codes with CRC like Reed Solomon, using archival paper and ink jet.
    So thanks again /. crowd for giving all those clues about 2D codes printing and reading!

    My contribution:
    Beware of laser printing! Solid ink can be peeled off the paper, leaving a blank page (with heat, time, vibrations, frictions). Prints last longer with quality ink jet prints, some are also water resistant.
    BTW, does anyone have some good advice for the printing itself?

  61. Not exactly new by ei4anb · · Score: 2, Insightful

    I punched my private key onto 80 column punched cards for offline storage back in 1979. It was the only way to keep a key private on a mainframe where the operator could read all files.

  62. Re:Another plausible scenario I have to watch out by Red+Flayer · · Score: 3, Interesting

    I like a little alliteration in my catchphrases. How about:

    Void thine vellum!
    Oust thine onion skin!

    And that's about all I can come up with.

    Except maybe "Shit the sheet", but that doesn't sound as nice.

    --
    "Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
  63. Too big. by bytesex · · Score: 1

    By the time that 2D barcodes get this huge, it's probably better to invest in proper character reading devices.

    --
    Religion is what happens when nature strikes and groupthink goes wrong.
  64. to remember it by godrik · · Score: 1

    Make a song out of it as for emergency numbers : http://www.youtube.com/watch?v=RK4Xye7AErE

  65. Solved by fulldecent · · Score: 1

    Here is the RSA2048 number printed twice on a US letter paper. Tell me if you have any problems reading this:

    http://drop.io/9x9qo5p
    http://drop.io/9x9qo5p/asset/screen-shot-2010-03-04-at-10-04-40-am-png
    http://drop.io/9x9qo5p/asset/document1-pdf

    --

    -- I was raised on the command line, bitch

    1. Re:Solved by fulldecent · · Score: 1

      Here is another option at 33pt font for old people:

      http://drop.io/9x9qo5p/asset/screen-shot-2010-03-04-at-10-12-30-am-png

      --

      -- I was raised on the command line, bitch

  66. So make two copies or add correction codes by davidwr · · Score: 1

    What's so hard about adding checksums and/or printing the whole thing twice or three times?

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
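
The scheme davidwr describes in his two comments (base-64 text at 65 characters per line, with checksums and more than one printed copy), as an added Python example that is not from the thread or from Safeberg. The `<index> <chunk> <crc32>` line layout, the choice of CRC-32 and all function names are assumptions.

```python
import base64
import zlib

LINE_LEN = 65  # characters per printed line, the figure used in the comment

def _crc(idx: str, chunk: str) -> str:
    # CRC-32 catches OCR and typing errors; it is not tamper protection.
    return f"{zlib.crc32((idx + chunk).encode('ascii')):08x}"

def to_paper(key: bytes) -> list[str]:
    """Render key as base64 lines of the form '<index> <chunk> <crc32>'."""
    b64 = base64.b64encode(key).decode("ascii")
    chunks = [b64[i:i + LINE_LEN] for i in range(0, len(b64), LINE_LEN)]
    return [f"{n:02d} {c} {_crc(f'{n:02d}', c)}" for n, c in enumerate(chunks)]

def check_line(line: str):
    """Return (index, chunk) if the line's checksum verifies, else None."""
    parts = line.split()
    if len(parts) != 3 or not parts[0].isdigit():
        return None
    idx, chunk, crc = parts
    return (int(idx), chunk) if _crc(idx, chunk) == crc.lower() else None

def from_paper(*copies: list[str]):
    """Merge scanned copies; return (key, []) or (None, unreadable line numbers)."""
    total = max(len(c) for c in copies)  # assumes each scan yields every line
    good: dict[int, str] = {}
    for copy in copies:
        for line in copy:
            parsed = check_line(line)
            if parsed:
                good.setdefault(*parsed)  # first verified reading of a line wins
    missing = [n for n in range(total) if n not in good]
    if missing:
        return None, missing
    return base64.b64decode("".join(good[n] for n in range(total))), []

def smudge(lines: list[str], n: int) -> list[str]:
    """Simulate a misread: change one character inside line n's chunk."""
    bad = lines[n][:10] + ("A" if lines[n][10] != "A" else "B") + lines[n][11:]
    return lines[:n] + [bad] + lines[n + 1:]

# Constructed 512-byte stand-in for 4096 bits of key material (not a real key).
KEY = bytes(range(256)) * 2
PAPER = to_paper(KEY)
COPY_A, COPY_B = smudge(PAPER, 3), smudge(PAPER, 7)

if __name__ == "__main__":
    print("\n".join(PAPER))
    print(from_paper(COPY_A)[1])                 # lines unreadable in one copy
    print(from_paper(COPY_A, COPY_B)[0] == KEY)  # two damaged copies merged
```

A single damaged copy reports exactly which line to re-read or retype; two copies damaged in different places still reconstruct the full key.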
  67. This is silly.. by Anonymous Coward · · Score: 0

    If you care about key security then you have to use a Hardware Security Module (HSM). This concept is just absurd.

  68. saving data by printing and restoring by scanning by Anonymous Coward · · Score: 0

    Oleh Yushuk did it long ago - http://www.ollydbg.de/Paperbak/index.html
    just save your key to a text file, print it with paperbak.

  69. Re:Another plausible scenario I have to watch out by geminidomino · · Score: 1

    Drop thy document.