Privacy With a 4096 Bit RSA Key — Offline, On Paper
HavanaF writes "Online backup is practical, but can it offer any privacy? The Dutch security company Safeberg developed an Offline Private Key Protocol, with an asymmetric key scheme. The protocol demands that the private (decryption) key be stored away from the 'source' computer, which presumably is 'too vulnerable.' The catch is that the private key needs to be fairly large to be secure: a 4,096-bit RSA key should suffice for some years. But how to store an 800-character key offline? Safeberg introduces a machine readable paper key, with the 4k-bit key crammed in a giant 2D Datamatrix barcode. This video on key strength tells the story."
... you fold the paper your 2D key is on? Tears, that's what. Tears.
Guy holding knife and laxatives: "Poop the paper! Poop it now!"
"Hegelians, who love a synthesis, will probably conclude that he wears a wig." - Bertrand Russell
I'll fax you a xerox of my public key. Is analog the new steam punk?
Than a 4096 Bit RSA Key that is stored on a standalone computer?
Nothing, but that poor guy will have to remember passwords for everyone!
Online backup is practical
not for my 1.5 terabyte HDD which is about half full.
Right now backing up from hard drive to hard drive takes forever (hours). How the fuck am I gonna back up to a remote server over the internet at 60 kbytes/sec?
If the source computer is vulnerable, the private key will be vulnerable as well as soon as you use a device connected to the compromised computer to scan it.
After surfing around a bit on the source site I can't find any compelling reasons why I should use a giant unwieldy printable 2D Barcode instead of a smartcard? A smartcard reader costs 25 bucks nowadays so that can't be much of an obstacle.
Datamatrix is the Gif of the barcode world. It has a bunch of patents covering it.
PDF417 does mostly the same thing, can be read with a laser (instead of an imager) and was designed to be open source and patent free from the beginning.
I've had enough abrasive sigs. Kittens are cute and fuzzy.
Hang on! let me get my giant barcode out of my pocket!
that reminds me of Robin Williams doing his Adam and Eve sketch....."Stand back honey, I do not know how big this can get!!"
"If a boss demands loyalty, give him integrity. But if he demands integrity, give him loyalty." (John Boyd, 1927-1997)
"Defecate thy papyrus!"
Do people actually use the systems they produce and sell?
Free Manning, jail Obama.
Since the purpose of this is to backup critical data, you want to make darn sure that you never lose the key, or all the data is worthless. Storing pieces of paper securely and safe from disaster is something that we have been doing for years, and you don't have to look very far for a solution. On the other hand, most safes, fire boxes and safety deposit boxes will still get hot enough in a fire to destroy any digital media stored in them. Paper offers a simple, traditional backup while something like a smart-card could be used on a day to day basis.
So what could be so hard about memorizing a measly 800 or so characters?
Pi might be hard. But for encryption keys, it's not hard at all. You just repeat "12345" one hundred and sixty times.
Now, I want half of you to mod this funny, because it is. I want the other half of you to mod it insightful, because we all know that when you put 4096 bit encryption into the hands of an average person, they really do type 12345 one hundred and sixty times.
I'm not sure I grok this notion of not storing the key with the source machine. I mean... if I can get to the machine you backed up... I don't really need to get to the backup, do I? I've got fresher data right there in front of me.
Now, if you're really trying to protect some kind of historical record of how your data has progressed over time, then that would be a reason why access to the source computer still didn't get the intruder access to what you're trying to protect... but that's a very special case.
Dunno. Maybe I'm just missing the point.
This makes absolutely no sense. Smart cards have been around for many years now. There, you NEVER give ANYONE or anything access to your private key. Challenge-response, one-time-passwords, tokens, etc, etc. Putting it on paper is LESS SECURE than sticking it on a thumb drive. Then at least it can't be stolen by taking a picture...
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
"What's your password?"
"Umm....let's see. Del Monte canned peaches in light syrup, kraft macaroni and cheese, hunts canned pizza sauce, campbels chicken and noodle soup"
"We need a Safeway, tape, scissors and a barcode reader!"
That's just the thing... a printed key is just one washing machine away from complete and total disaster at the data center.
He who has no
See http://www.mail-archive.com/gnupg-users@gnupg.org/msg10827.html.
The original paperkey software takes out the redundant key material for a smaller amount of data. You can restore the original key by combining the output with the public key.
To encode:
gpg --export-secret-key (thekey) | paperkey --output-type raw | dmtxwrite -e8 -f pdf > my_pdf_file.pdf
You can pass pdf, eps, svg, etc, to the -f option. Use 'dmtxwrite -l' to get a list of all supported image formats.
To decode:
dmtxread -N1 my_pdf_file.pdf | paperkey --pubring ~/.gnupg/pubring.gpg > my_new_secret_key.gpg
when you put 4096 bit encryption into the hands of an average person, they really do type 12345 one hundred and sixty times.
I'm obviously above average then - i'd use cut & paste to do the job in seconds!
... until there's a 640kbit key. 640k ought to be enough for anybody.
But seriously, it was just a few years back when we thought 128bit keys were unbreakably long. Now 2048bit is standard, and about to get broken. 4096bit isn't enough right now. 16kbit is just about right, but that will get broken in early 2015.
Does it come with a sticky backing so I can put it next to all the passwords I wrote down?
$ gpg --export | dmtxwrite --encoding=8 --format=PNG | lp
To be honest, I thought trusted paper keys were already common knowledge among geeks:
http://en.wikipedia.org/wiki/Trusted_paper_key
Problem is, this is an RSA key, it can't just be any random string of bits, it has to be two very large prime numbers. Users won't be choosing a 4096bit key, it will be generated for them.
"linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
I think you're mixing up key length for symmetric ciphers (like AES, 3DES, Blowfish, etc.), which are generally quite short like 128 or 256 bits, and key lengths for _asymmetric_ cryptosystems, which vary much more in length and in the case of RSA are somewhere closer to 2048 and 4096.
The reason is that for symmetric ciphers we _believe_ to be secure the best an attacker can do is brute force the key space. So that means brute forcing 2^128 or 2^256 possible keys. That's a hell of a lot of work. With current technology probably infeasible.
But for asymmetric schemes it's not as straightforward. To get a glimpse of why this is, think about RSA keys. The public key is an exponent e and an integer n which is the product of two large primes. Now not every string of 4096 bits actually represents such a pair of numbers (in particular, not every bit-string is the product of two primes). So not every string of that length is a valid key. So brute forcing the key space doesn't mean trying every possible string of that length, just the ones which are the product of two primes, which is a fair bit less.
Another reason for comparatively longer keys is this. In general, for many asymmetric cryptosystems there are various attacks known which are still super-polynomial (i.e. inefficient) but are nevertheless sub-exponential, which is what a brute force key search would be. So you have to adjust your key length to reflect these faster attacks even if brute forcing wouldn't be feasible even for shorter keys. (I think some examples of such attacks for factoring (which would break RSA) are the Pollard-Rho method, variants of the Quadratic Sieve algorithm, and the Elliptic Curve method.)
It takes a special kind of mind to do that.
And that said... I memorized a 48 character hexadecimal password, in case I ever need one. :P
I hope it wasn't F80FFA585E9867B804D998A2ED65E55BFC352C3C500684CC, cuz that's the one I'm using.
#DeleteChrome
You convert it into a Base-52 or Base-26 representation, so all keybits are represented by ordinary letters such as A-Z (you might expand it a little to include common punctuation marks), and underline different characters on the page that correspond to digits of your key.
Also, you can XOR your 4096 key, by a truly random 4096 bit value.
Destroy the original key, and print the random number and the XOR result in two different books at completely different places.
You can XOR it a few more times, and divide the key into 5 or 6 pieces.
Then go to the library with a pencil one night, and (covertly) store a copy of your key in various books.
Making plenty of redundant copies of course, and visiting multiple libraries (for fear that part of your key would be unavailable due to someone else having checked out one of your bits).
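The XOR split and Base-26 letter encoding described in the comment above, as an added example that is not part of the original thread. It treats the key as an opaque 512-byte string (a constructed random stand-in for a 4096-bit value, not a real RSA private key file), and all function names are hypothetical.

```python
import secrets

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"  # Base-26, as the comment suggests

def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def split_xor(key, pieces):
    """Split key into `pieces` shares; ALL of them are needed to recover it."""
    if pieces < 2:
        raise ValueError("need at least two pieces")
    # pieces-1 truly random pads, plus the key XORed with every pad
    shares = [secrets.token_bytes(len(key)) for _ in range(pieces - 1)]
    last = key
    for pad in shares:
        last = xor_bytes(last, pad)
    return shares + [last]

def combine_xor(shares):
    if len({len(s) for s in shares}) != 1:
        raise ValueError("shares must all have the same length")
    out = bytes(len(shares[0]))
    for s in shares:
        out = xor_bytes(out, s)
    return out

def to_letters(data):
    # A 0x01 marker byte is prepended so leading zero bytes are not lost
    n = int.from_bytes(b"\x01" + data, "big")
    digits = []
    while n:
        n, r = divmod(n, 26)
        digits.append(ALPHABET[r])
    return "".join(reversed(digits))

def from_letters(text):
    n = 0
    for ch in text:
        n = n * 26 + ALPHABET.index(ch)  # ValueError on a non A-Z character
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if raw[:1] != b"\x01":
        raise ValueError("marker byte missing; share is damaged or truncated")
    return raw[1:]

if __name__ == "__main__":
    key = secrets.token_bytes(512)            # constructed sample key
    pages = [to_letters(s) for s in split_xor(key, 5)]
    print(len(pages), "shares of about", len(pages[0]), "letters each")
    assert combine_xor([from_letters(p) for p in pages]) == key
```

Because every share is required, losing any one of them loses the key, which is why the comment's redundant copies matter; any subset short of all shares is indistinguishable from random bytes.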
Damn that's the same combination I use on my luggage!
Watch me build my house
I punched my private key onto 80 column punched cards for offline storage back in 1979. It was the only way to keep a key private on a mainframe where the operator could read all files.
I like a little alliteration in my catchphrases. How about:
Void thine vellum!
Oust thine onion skin!
And that's about all I can come up with.
Except maybe "Shit the sheet", but that doesn't sound as nice.
"Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai