Slashdot Mirror

← Back to Stories (view on slashdot.org)

Privacy With a 4096 Bit RSA Key — Offline, On Paper

Posted by timothy on from the you'll-need-a-bigger-id-badge dept.

HavanaF writes "Online backup is practical, but can it offer any privacy? The Dutch security company Safeberg developed an Offline Private Key Protocol, with an asymmetric key scheme. The protocol demands that the private (decryption) key be stored away from the 'source' computer, which presumably is 'too vulnerable.' The catch is that the private key needs to be fairly large to be secure: a 4,096-bit RSA key should suffice for some years. But how to store an 800-character key offline? Safeberg introduces a machine readable paper key, with the 4k-bit key crammed in a giant 2D Datamatrix barcode. This video on key strength tells the story."

3 of 232 comments (clear)

  1. Re:Don't use datamatrix by Kostya · · Score: 3, Interesting

    The wikipedia article on DataMatrix (http://en.wikipedia.org/wiki/Data_Matrix#Patent_issues) seems to imply it is unencumbered--perhaps I'm misunderstanding something?

    Prior to the expiration of U.S. Patent 5,612,524, intellectual property company Acacia Technologies claimed that Data Matrix was partially covered by its contents. As the patent owner, Acacia allegedly contacted Data Matrix users demanding license fees related to the patent.

    Cognex Corporation, a large manufacturer of 2D barcode devices, filed a declaratory judgment complaint on March 13, 2006 after receiving information that Acacia had contacted its customers demanding licensing fees. On May 19, 2008 Judge Joan N. Ericksen of the U.S. District Court in Minnesota ruled in favor of Cognex. The ruling held that the '524 patent, which claimed to cover a system for capturing and reading 2D symbology codes, is both invalid and unenforceable due to inequitable conduct by the defendants during the procurement of the patent.

    Notably, since the '524 patent expired in November 2007, a ruling against Cognex wouldn't have affected current use of Data Matrix anyway. However, it would have established that use of Data Matrix prior to November 2007 could potentially be covered by the '524 patent.

    --
    "Doubt your doubts and believe your beliefs." -- Switchfoot, Ode to Chin
  2. Ummmm.... by jemenake · · Score: 3, Interesting

    I'm not sure I grok this notion of not storing the key with the source machine. I mean... if I can get to the machine you backed up... I don't really need to get to the backup, do I? I've got fresher data right there in front of me.

    Now, if you're really trying to protect some kind of historical record of how your data has progressed over time, then that would be a reason why access to the source computer still didn't get the intruder access to what you're trying to protect... but that's a very special case.

    Dunno. Maybe I'm just missing the point.

  3. Re:Another plausible scenario I have to watch out by Red+Flayer · · Score: 3, Interesting

    I like a little alliteration in my catchphrases. How about:

    Void thine vellum!
    Oust thine onion skin!

    And that's about all I can come up with.

    Except maybe "Shit the sheet", but that doesn't sound as nice.

    --
    "Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai