Slashdot Mirror

← Back to Stories (view on slashdot.org)

Privacy With a 4096 Bit RSA Key — Offline, On Paper

Posted by timothy on from the you'll-need-a-bigger-id-badge dept.

HavanaF writes "Online backup is practical, but can it offer any privacy? The Dutch security company Safeberg developed an Offline Private Key Protocol, with an asymmetric key scheme. The protocol demands that the private (decryption) key be stored away from the 'source' computer, which presumably is 'too vulnerable.' The catch is that the private key needs to be fairly large to be secure: a 4,096-bit RSA key should suffice for some years. But how to store an 800-character key offline? Safeberg introduces a machine readable paper key, with the 4k-bit key crammed in a giant 2D Datamatrix barcode. This video on key strength tells the story."

10 of 232 comments (clear)

  1. Don't use datamatrix by GigsVT · · Score: 4, Informative

    Datamatrix is the Gif of the barcode world. It has a bunch of patents covering it.

    PDF417 does mostly the same thing, can be read with a laser (instead of an imager) and was designed to be open source and patent free from the beginning.

    --
    I've had enough abrasive sigs. Kittens are cute and fuzzy.
    1. Re:Don't use datamatrix by dangermonkeyboy · · Score: 5, Informative

      No offense, but this information is wrong. Data Matrix is completely unencumbered by patents. For one thing, it was released into the public domain by its inventor, and for another it's so old that even if there had been patents they would have expired by now.

      There was one "IP" company that made some noise in 2006-2007 claiming to cover some of the underlying technology in their patent portfolio, but they were handed their hats in court. I followed the issue very closely, even stopping distribution of my Data Matrix open source project for a while, pending this outcome. But rest assured that Data Matrix is unencumbered by patents and safe to use in your projects.

  2. Re:How is this any more secure by DragonWriter · · Score: 4, Informative

    Than a 4096 Bit RSA Key that is stored on a standalone computer?

    If you use the standalone computer for anything but storing the key, or fail to physically secure the standalone computer from access (separate to any physical security on any computer on which data resides that is secured with the key) it is obviously more secure to keep the key on paper, physically secured in something that isn't opened except to access the key.

    If you don't use the standalone computer for anything else, and have it separately physically secured, then for any reasonable use of the word "computer", it will probably be equally secure, and vastly less expensive to separately secure the key on paper, instead.

    Perhaps the more relevant comparison is separately securing paper vs. separately securing long-term electronic storage media. The sheet of paper will probably be cheaper in any case (though the price difference drops if you are using inexpensive electronic storage media rather than a dedicate computer), and will likely be more likely to be practically usable to access data a longer time into the future. Though in this case, a key factor is making sure the paper has the key in a human-readable form as well as a machine-readable form, since long-term availability of tools to read any particular machine-readable format is an issue. If you use text in an OCR-friendly font, the human readable format and the machine readable format can be the same.

  3. Re:What Happens When ... by mpapet · · Score: 5, Informative

    Bar codes printed on media of all kinds are generally quite robust and not error prone. The printing device does not need to be special in any way. The reader does not need to be special in any way. Print the key on acid-free paper using a laser printer and store it for a looong time. I'll leave it up to the slashdot tifosi to declare how long it would last in a bank vault.

    Some nice ways to encode keys and store it as a symbol on paper here: http://www.adams1.com/stack.html

    Symbology is very non-sexy knowledge, but valuable in logistics.

    --
    http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
  4. Re:What Happens When ... by dgatwood · · Score: 5, Informative

    Reading numbers is more error prone. With the bar code, there are presumably lots of check digits and other such loveliness encoded into it.

    As for folding it, what happens? Probably nothing. There are usually CRCs (or similar) and lots of other stuff in those 2D bar codes. This particular scheme, Data Matrix, is apparently highly redundant, allowing full recovery of the data even if (up to) 30% of the bar code is destroyed.

    http://www.tlashford.com/TLA/pages/Basic_sym/Symbol_overview.htm#DATAMATRIX
    http://en.wikipedia.org/wiki/Data_matrix_(computer)

    --

    Check out my sci-fi/humor trilogy at PatriotsBooks.

  5. Re:What Happens When ... by kill-1 · · Score: 3, Informative

    The paper key seems to contain 4x4 x 22x22 = 7744 bits. So can't tear it in half but almost.

  6. Re:How much added security? by owlstead · · Score: 3, Informative

    Yes, whenever you use a key it becomes more vulnerable. This only adds security to the storage, not the use. It's amazing how many times this kind of thing is forgotten, e.g. when using an ultra-secure USB device on a computer with zero protection. It becomes even more "interesting" when you have to use the key in an automated system - obviously this design is not meant for continuous use :).

  7. paperkey and libdmtx by c_g_hills · · Score: 3, Informative

    See http://www.mail-archive.com/gnupg-users@gnupg.org/msg10827.html.

    The original paperkey software takes out the redundant key material for a smaller amount of data. You can restore the original key by combining the output with the public key.

    To encode:

    gpg --export-secret-key (thekey) | paperkey --output-type raw | dmtxwrite -e8 -f pdf > my_pdf_file.pdf

    You can pass pdf, eps, svg, etc, to the -f option. Use 'dmtxwrite -l' to get a list of all supported image formats.

    To decode:

    dmtxread -N1 my_pdf_file.pdf | paperkey --pubring ~/.gnupg/pubring.gpg > my_new_secret_key.gpg

  8. I'll save you some money by dangermonkeyboy · · Score: 4, Informative

    $ gpg --export | dmtxwrite --encoding=8 --format=PNG | lp

    To be honest, I thought trusted paper keys were already common knowledge among geeks:

    http://en.wikipedia.org/wiki/Trusted_paper_key

  9. Re:In 2006, a guy recited Pi to 100000 places... by Sir_Lewk · · Score: 3, Informative

    Problem is, this is an RSA key, it can't just be any random string of bits, it has to be two very large prime numbers. Users won't be chosing a 4096bit key, it will be generated for them.

    --
    "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)