Slashdot Mirror

← Back to Stories (view on slashdot.org)

Privacy With a 4096 Bit RSA Key — Offline, On Paper

Posted by timothy on from the you'll-need-a-bigger-id-badge dept.

HavanaF writes "Online backup is practical, but can it offer any privacy? The Dutch security company Safeberg developed an Offline Private Key Protocol, with an asymmetric key scheme. The protocol demands that the private (decryption) key be stored away from the 'source' computer, which presumably is 'too vulnerable.' The catch is that the private key needs to be fairly large to be secure: a 4,096-bit RSA key should suffice for some years. But how to store an 800-character key offline? Safeberg introduces a machine readable paper key, with the 4k-bit key crammed in a giant 2D Datamatrix barcode. This video on key strength tells the story."

17 of 232 comments (clear)

  1. Re:What Happens When ... by zippthorne · · Score: 2, Insightful

    Which brings to mind an important question: Why not just have the machine read the hex?

    --
    Can you be Even More Awesome?!
  2. How is this any more secure by Monkeedude1212 · · Score: 3, Insightful

    Than a 4096 Bit RSA Key that is stored on a standalone computer?

    1. Re:How is this any more secure by maxwell+demon · · Score: 2, Insightful

      Or stored on a standard external storage medium like, say, an USB stick?

      --
      The Tao of math: The numbers you can count are not the real numbers.
    2. Re:How is this any more secure by SanityInAnarchy · · Score: 2, Insightful

      If you use the standalone computer for anything but storing the key,

      Same problem occurs if I write doodles on the paper -- though I fail to see how that reduces the security, only the reliability.

      or fail to physically secure the standalone computer from access

      Granted, it's easier to secure a piece of paper. But the same problem applies.

      More importantly, a closer analog to the paper is a USB thumb drive, which will fit just as neatly in a safety deposit box, or in your pocket, or (apparently) in your digestive system. It has flaws, but these would seem to be the exact same flaws the paper does -- for example, any machine on which I decrypt the data is necessarily a machine which will hold that key in RAM at some point, which means it's a point of failure.

      The most paranoid solution I know of in that vein, which I used for awhile, is to boot off a thumb drive (which has the stored keys) and use full-disk encryption on the hard drive. I'd be pwned if and only if someone implements a BIOS-level or hardware-level exploit, and somehow does it without me noticing -- I kept a pretty close eye on that machine, physically. (Tempest would probably work, but you're not going to be left alone with it for long enough to do anything -- best case, you steal it, but then you don't have the USB key in my pocket.)

      I stopped doing that when the USB key died, suddenly and completely, leaving me no way of accessing my data -- and my new laptop has an SSD, which is actually fast enough that crypto speed might be a limiting factor, whereas it definitely won't be on a 5400 RPM drive with any sort of modern CPU.

      will likely be more likely to be practically usable to access data a longer time into the future.

      Possible. We know a lot more about how paper degrades than we do about how data degrades (yet).

      Though in this case, a key factor is making sure the paper has the key in a human-readable form as well as a machine-readable form, since long-term availability of tools to read any particular machine-readable format is an issue. If you use text in an OCR-friendly font, the human readable format and the machine readable format can be the same.

      Apparently, this is a 2D barcode, with the hex version printed alongside it, so it fulfills both.

      --
      Don't thank God, thank a doctor!
    3. Re:How is this any more secure by mysidia · · Score: 2, Insightful

      How about SmartCards and a smartcard reader?

      Have the card itself execute decryption of the symmetric key without revealing the private key to the PC, when it's read.

      It will probably be cheaper than the uber-expensive specialized scanner+software from this vendor, you'll need to be able to scan the "cheap" paper key, anyways

      And more secure in that the private RSA key is not subject to being stolen from PC RAM, or by modifying the decryption program on the PC to capture the key.

  3. Re:What Happens When ... by RobVB · · Score: 2, Insightful

    The company could store a last-resort backup at a different facility, and allow you access after checking a bunch of biometrics.

    --
    I'd rather you rationally disagree than irrationally agree.
  4. no thanks my Hard drive is too big by Spy+Handler · · Score: 3, Insightful

    Online backup is practical

    not for my 1.5 terabyte HDD which is about half full.

    Right now backing up from hard drive to hard drive takes forever (hours). How the fuck am I gonna back up to a remote server over the internet at 60 kbytes/sec?

    1. Re:no thanks my Hard drive is too big by dziban303 · · Score: 2, Insightful

      Yeah, but since when has the post office ever delivered something in one day? I'd say 4MB/s is more likely.

    2. Re:no thanks my Hard drive is too big by Tubal-Cain · · Score: 2, Insightful

      Make the first backup locally before moving it to the remote site?

  5. Re:First Po.. by gadget+junkie · · Score: 3, Insightful

    Hang on! let me get my giant barcode out of my pocket!

    that reminds me of Robin Williams doing his Adam and Eve sketch....."Stand back honey, I do not know how big this can get!!"

    --
    "If a boss demands loyalty, give him integrity. But if he demands integrity, give him loyalty." (John Boyd, 1927-1997)
  6. And this is practical, how? by he-sk · · Score: 3, Insightful

    Do people actually use the systems they produce and sell?

    --
    Free Manning, jail Obama.
  7. Re:What Happens When ... by maxwell+demon · · Score: 4, Insightful

    Reading numbers is more error prone. With the bar code, there are presumably lots of check digits and other such loveliness encoded into it.

    There's no reason you cannot insert check digits into the number as well.

    --
    The Tao of math: The numbers you can count are not the real numbers.
  8. Backup by pavon · · Score: 2, Insightful

    Since the purpose of this is to backup critical data, you want to make darn sure that you never loose the key, or all the data is worthless. Storing pieces of paper securely and safe from disaster is something that we have been doing for years, and you don't have to look very far for a solution. On the otherhand, most safes, fire boxes and safety deposit boxes will still get hot enough enough in a fire to destroy any digital media stored in them.Paper offers a simple, traditional backup while something like a smart-card could be used on a day to day basis.

  9. Re:In 2006, a guy recited Pi to 100000 places... by localman57 · · Score: 2, Insightful

    So what could be so hard about memorizing a measly 800 or so characters?

    Pi might be hard. But for encryption keys, It's not hard at all. You just repeat "12345" one hundred and sixty times.

    Now, I want half of you to mod this funny, because it is. I want the other half of you to mod it insightful, because we all know that when you put 4096 bit encryption into the hands of an average person, they really do type 12345 one hundred and sixty times.

  10. Re:What Happens When ... by Retric · · Score: 2, Insightful

    Also, if you can recover most of the digits and know which ones are missing you can probably brute force the rest.

  11. Re:What Happens When ... by GaryOlson · · Score: 3, Insightful

    ...paper is just silly. It is less "safe" (as opposed to secure) than a USB key...

    Paper has hundreds of years of technology development behind it; what is the oldest USB key you have? Technology easily and readily exists to store quality archive paper nearly indefinitely in temperature/light/humidity controlled environments.

    I might even guestimate bar code technology will disappear long before a properly created and stored paper archive.

    --
    Every mans' island needs an ocean; choose your ocean carefully.
  12. Not exactly new by ei4anb · · Score: 2, Insightful

    I punched my private key onto 80 column punched cards for offline storage back in 1979. It was the only way to keep a key private on a mainframe where the operator could read all files.