Slashdot Mirror

← Back to Stories (view on slashdot.org)

Privacy With a 4096 Bit RSA Key — Offline, On Paper

Posted by timothy on from the you'll-need-a-bigger-id-badge dept.

HavanaF writes "Online backup is practical, but can it offer any privacy? The Dutch security company Safeberg developed an Offline Private Key Protocol, with an asymmetric key scheme. The protocol demands that the private (decryption) key be stored away from the 'source' computer, which presumably is 'too vulnerable.' The catch is that the private key needs to be fairly large to be secure: a 4,096-bit RSA key should suffice for some years. But how to store an 800-character key offline? Safeberg introduces a machine readable paper key, with the 4k-bit key crammed in a giant 2D Datamatrix barcode. This video on key strength tells the story."

10 of 232 comments (clear)

  1. What Happens When ... by WrongSizeGlass · · Score: 4, Funny

    ... you fold the paper your 2D key is on? Tears, that's what. Tears.

    1. Re:What Happens When ... by mpapet · · Score: 5, Informative

      Bar codes printed on media of all kinds are generally quite robust and not error prone. The printing device does not need to be special in any way. The reader does not need to be special in any way. Print the key on acid-free paper using a laser printer and store it for a looong time. I'll leave it up to the slashdot tifosi to declare how long it would last in a bank vault.

      Some nice ways to encode keys and store it as a symbol on paper here: http://www.adams1.com/stack.html

      Symbology is very non-sexy knowledge, but valuable in logistics.

      --
      http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
    2. Re:What Happens When ... by dgatwood · · Score: 5, Informative

      Reading numbers is more error prone. With the bar code, there are presumably lots of check digits and other such loveliness encoded into it.

      As for folding it, what happens? Probably nothing. There are usually CRCs (or similar) and lots of other stuff in those 2D bar codes. This particular scheme, Data Matrix, is apparently highly redundant, allowing full recovery of the data even if (up to) 30% of the bar code is destroyed.

      http://www.tlashford.com/TLA/pages/Basic_sym/Symbol_overview.htm#DATAMATRIX
      http://en.wikipedia.org/wiki/Data_matrix_(computer)

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.

    3. Re:What Happens When ... by maxwell+demon · · Score: 4, Insightful

      Reading numbers is more error prone. With the bar code, there are presumably lots of check digits and other such loveliness encoded into it.

      There's no reason you cannot insert check digits into the number as well.

      --
      The Tao of math: The numbers you can count are not the real numbers.
    4. Re:What Happens When ... by Yvan256 · · Score: 4, Funny

      you can recover the data from the entropy in the universe.

      I tried do to that and all I got was "42".

  2. Don't use datamatrix by GigsVT · · Score: 4, Informative

    Datamatrix is the Gif of the barcode world. It has a bunch of patents covering it.

    PDF417 does mostly the same thing, can be read with a laser (instead of an imager) and was designed to be open source and patent free from the beginning.

    --
    I've had enough abrasive sigs. Kittens are cute and fuzzy.
    1. Re:Don't use datamatrix by dangermonkeyboy · · Score: 5, Informative

      No offense, but this information is wrong. Data Matrix is completely unencumbered by patents. For one thing, it was released into the public domain by its inventor, and for another it's so old that even if there had been patents they would have expired by now.

      There was one "IP" company that made some noise in 2006-2007 claiming to cover some of the underlying technology in their patent portfolio, but they were handed their hats in court. I followed the issue very closely, even stopping distribution of my Data Matrix open source project for a while, pending this outcome. But rest assured that Data Matrix is unencumbered by patents and safe to use in your projects.

  3. Re:How is this any more secure by DragonWriter · · Score: 4, Informative

    Than a 4096 Bit RSA Key that is stored on a standalone computer?

    If you use the standalone computer for anything but storing the key, or fail to physically secure the standalone computer from access (separate to any physical security on any computer on which data resides that is secured with the key) it is obviously more secure to keep the key on paper, physically secured in something that isn't opened except to access the key.

    If you don't use the standalone computer for anything else, and have it separately physically secured, then for any reasonable use of the word "computer", it will probably be equally secure, and vastly less expensive to separately secure the key on paper, instead.

    Perhaps the more relevant comparison is separately securing paper vs. separately securing long-term electronic storage media. The sheet of paper will probably be cheaper in any case (though the price difference drops if you are using inexpensive electronic storage media rather than a dedicate computer), and will likely be more likely to be practically usable to access data a longer time into the future. Though in this case, a key factor is making sure the paper has the key in a human-readable form as well as a machine-readable form, since long-term availability of tools to read any particular machine-readable format is an issue. If you use text in an OCR-friendly font, the human readable format and the machine readable format can be the same.

  4. Re:Another plausible scenario I have to watch out by Merc248 · · Score: 5, Funny

    "Defecate thy papyrus!"

    --
    "Hegelians, who love a synthesis, will probably conclude that he wears a wig." - Bertrand Russell
  5. I'll save you some money by dangermonkeyboy · · Score: 4, Informative

    $ gpg --export | dmtxwrite --encoding=8 --format=PNG | lp

    To be honest, I thought trusted paper keys were already common knowledge among geeks:

    http://en.wikipedia.org/wiki/Trusted_paper_key