Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Encryption Cloud Input Devices Privacy Your Rights Online

Privacy With a 4096 Bit RSA Key — Offline, On Paper 232

Posted by timothy
from the you'll-need-a-bigger-id-badge dept.
HavanaF writes "Online backup is practical, but can it offer any privacy? The Dutch security company Safeberg developed an Offline Private Key Protocol, with an asymmetric key scheme. The protocol demands that the private (decryption) key be stored away from the 'source' computer, which presumably is 'too vulnerable.' The catch is that the private key needs to be fairly large to be secure: a 4,096-bit RSA key should suffice for some years. But how to store an 800-character key offline? Safeberg introduces a machine readable paper key, with the 4k-bit key crammed in a giant 2D Datamatrix barcode. This video on key strength tells the story."
This discussion has been archived. No new comments can be posted.

Privacy With a 4096 Bit RSA Key — Offline, On Paper

Comments Filter:
  • by WrongSizeGlass (838941) on Wednesday March 03, 2010 @06:06PM (#31351926)
    ... you fold the paper your 2D key is on? Tears, that's what. Tears.
    • It looks like the key is printed out in Hex at the bottom as well as the QR barcode.

    • by fructose (948996)
      Why would yo fold it? Put it in your filing cabinet and maybe put a copy in a firesafe. Plus, one fold isn't going to tear a paper. I've got lots of papers that are folded that aren't torn. Sure some copies will tear, but some passwords get forgotten too. It's not a perfect solution, but it is another option for those who want a fairly high level of security.
      • Why would yo fold it?

        To keep it in my pocket just in case I ever needed it. Sheesh.

      • by treeves (963993)
        He didn't mean tearing of the paper. He meant that he'd cry. Tears.
      • by bane2571 (1024309)
        but how is this any different from some kind of redundancy based file system stored on a USB key in the same file safe other than that the USB is probably a lot faster?
        • Mod parent up!

          In order to be really secure, onsite storage of the key is a no-no anyway, so this system must presume anyone interested in getting the password does not have site access.

          And in that case, paper is just silly. It is less "safe" (as opposed to secure) than a USB key, since a USB key can't fold or tear, and water won't normally damage it.

          I'd say this is a solution looking for a problem. It might be great for off-site backup of your USB key. But I don't see it as useful for much of anyth
          • by GaryOlson (737642) <slashdot&garyolson,org> on Wednesday March 03, 2010 @08:37PM (#31353278) Journal

            ...paper is just silly. It is less "safe" (as opposed to secure) than a USB key...

            Paper has hundreds of years of technology development behind it; what is the oldest USB key you have? Technology easily and readily exists to store quality archive paper nearly indefinitely in temperature/light/humidity controlled environments.

            I might even guestimate bar code technology will disappear long before a properly created and stored paper archive.

            • by Thiez (1281866)

              Why one would want to use the same RSA key for years and years is beyond me. Want something encrypted for the next 100 years? Don't bother with public key, go block cypher. Why not stick to AES or something similar?

          • a USB key can't fold or tear, and water won't normally damage it.

            Last (southern) summer I had a bunch of SD cards in my wallet, then they went missing. So this summer I put on a pair of short pants and there were my cards, in a zip up pocket. They had been washed twice in hot water and still worked perfectly.

          • Re: (Score:3, Funny)

            by Darkness404 (1287218)
            In order to be really secure, the machine is powered off, placed in a locked, bombproof, uncrackable safe and left there. Anything else exposes risks.
    • Re: (Score:3, Funny)

      by Sponge Bath (413667)
      Unfold it? Just be sure not to wipe your ass with it.
    • Re: (Score:3, Insightful)

      by RobVB (1566105)

      The company could store a last-resort backup at a different facility, and allow you access after checking a bunch of biometrics.

    • Re: (Score:3, Informative)

      by wiredlogic (135348)

      All matrix codes have enough redundancy to allow successful decoding when the image is partially damaged. Some have so much redundancy that you can tear them in half and still recover the contents.

    • by mpapet (761907) on Wednesday March 03, 2010 @06:32PM (#31352252) Homepage

      Bar codes printed on media of all kinds are generally quite robust and not error prone. The printing device does not need to be special in any way. The reader does not need to be special in any way. Print the key on acid-free paper using a laser printer and store it for a looong time. I'll leave it up to the slashdot tifosi to declare how long it would last in a bank vault.

      Some nice ways to encode keys and store it as a symbol on paper here: http://www.adams1.com/stack.html [adams1.com]

      Symbology is very non-sexy knowledge, but valuable in logistics.

      • If you're really 'paranoid' about storage time get a thin aluminium or steel shim the size of a credit card and etch onto the back of that.

      • Re: (Score:2, Funny)

        by jd2112 (1535857)

        Bar codes printed on media of all kinds are generally quite robust and not error prone.

        Excepet at the supermarket, when you are in a hurry...

  • by Merc248 (1026032) on Wednesday March 03, 2010 @06:07PM (#31351934) Homepage

    Guy holding knife and laxatives: "Poop the paper! Poop it now!"

  • by akirapill (1137883) on Wednesday March 03, 2010 @06:10PM (#31351976)
    I'll fax you a xerox of my public key. Is analog the new steam punk?
  • So what could be so hard about memorizing a measly 800 or so characters?

    • Re: (Score:3, Funny)

      by hansraj (458504)

      Nothing, but that poor guy will have to remember passwords for everyone!

    • It takes a special kind of mind to do that.

      And that said... I memorized a 48 character hexadecimal password, in case I ever need one. :P

      • Re: (Score:3, Funny)

        It takes a special kind of mind to do that.

        And that said... I memorized a 48 character hexadecimal password, in case I ever need one. :P

        I hope it wasn't F80FFA585E9867B804D998A2ED65E55BFC352C3C500684CC, cuz that's the one I'm using.

    • Re: (Score:3, Insightful)

      by localman57 (1340533)

      So what could be so hard about memorizing a measly 800 or so characters?

      Pi might be hard. But for encryption keys, It's not hard at all. You just repeat "12345" one hundred and sixty times.

      Now, I want half of you to mod this funny, because it is. I want the other half of you to mod it insightful, because we all know that when you put 4096 bit encryption into the hands of an average person, they really do type 12345 one hundred and sixty times.

  • This sounds like a way to put punch cards back in every office.

    • Re: (Score:2, Funny)

      by azenpunk (1080949)

      "What's your password?"

      "Umm....let's see. Del Monte canned peaches in light syrup, kraft macaroni and cheese, hunts canned pizza sauce, campbels chicken and noodle soup"

      "We need a Safeway, tape, scissors and a barcode reader!"

  • by Monkeedude1212 (1560403) on Wednesday March 03, 2010 @06:17PM (#31352060) Journal

    Than a 4096 Bit RSA Key that is stored on a standalone computer?

    • Re: (Score:2, Insightful)

      by maxwell demon (590494)

      Or stored on a standard external storage medium like, say, an USB stick?

    • by DragonWriter (970822) on Wednesday March 03, 2010 @06:28PM (#31352204)

      Than a 4096 Bit RSA Key that is stored on a standalone computer?

      If you use the standalone computer for anything but storing the key, or fail to physically secure the standalone computer from access (separate to any physical security on any computer on which data resides that is secured with the key) it is obviously more secure to keep the key on paper, physically secured in something that isn't opened except to access the key.

      If you don't use the standalone computer for anything else, and have it separately physically secured, then for any reasonable use of the word "computer", it will probably be equally secure, and vastly less expensive to separately secure the key on paper, instead.

      Perhaps the more relevant comparison is separately securing paper vs. separately securing long-term electronic storage media. The sheet of paper will probably be cheaper in any case (though the price difference drops if you are using inexpensive electronic storage media rather than a dedicate computer), and will likely be more likely to be practically usable to access data a longer time into the future. Though in this case, a key factor is making sure the paper has the key in a human-readable form as well as a machine-readable form, since long-term availability of tools to read any particular machine-readable format is an issue. If you use text in an OCR-friendly font, the human readable format and the machine readable format can be the same.

      • Re: (Score:3, Insightful)

        If you use the standalone computer for anything but storing the key,

        Same problem occurs if I write doodles on the paper -- though I fail to see how that reduces the security, only the reliability.

        or fail to physically secure the standalone computer from access

        Granted, it's easier to secure a piece of paper. But the same problem applies.

        More importantly, a closer analog to the paper is a USB thumb drive, which will fit just as neatly in a safety deposit box, or in your pocket, or (apparently) in your digestive system [slashdot.org]. It has flaws, but these would seem to be the exact same flaws the paper does -- for example, any machine on which I decr

        • If you use the standalone computer for anything but storing the key,

          Same problem occurs if I write doodles on the paper -- though I fail to see how that reduces the security, only the reliability.

          Well, doodles on the paper affects reliability. Using the computer for other things affects reliability, true, but if it is separately physically secured, using it for other things means more opportunity for physical security problems, and not separately physically securing it is a pretty big security deficit comp

        • Re: (Score:3, Informative)

          by kalidasa (577403)
          There's a book that's 2200 years old. I don't mean the story (or in this case, poem) is 2200 years old, I mean the *piece of paper* (or in this case, papyrus) on which someone copied the (2400 year-old) poem is 2200 years old. In the right conditions, archival quality paper will last a *lot* longer than any electronic medium.
    • by owlstead (636356)

      It's not more secure. It's cheaper. It's less likely to break down. You can store it in a safe. You can print it using a desktop printer. And its infinitely less likely to be wiped and used as a gaming machine by your 14 year old (if you have 4 year olds you might need the safe though).

      • You can store USB keys in a safe. They're relatively cheap. They have no potential to be used as a gaming machine.

        • Re: (Score:2, Insightful)

          by mysidia (191772)

          How about SmartCards and a smartcard reader?

          Have the card itself execute decryption of the symmetric key without revealing the private key to the PC, when it's read.

          It will probably be cheaper than the uber-expensive specialized scanner+software from this vendor, you'll need to be able to scan the "cheap" paper key, anyways

          And more secure in that the private RSA key is not subject to being stolen from PC RAM, or by modifying the decryption program on the PC to capture the key.

    • Re: (Score:3, Interesting)

      by Locke2005 (849178)
      Simple: you print the key in a blank spot on a random page of War and Peace. Good luck to anybody trying to find it without knowing the page number! Whereas in a standalone computer, any disk analysis software should be able to find the key. The point is, as in The Purloined Letter, you put the key in a place no one would think to look for it. Searching your computer and computer media is the _first_ thing anyone looking for the key is going to do! When they come in with a warrant to confiscate your compute
      • Simple: you print the key in a blank spot on a random page of War and Peace. Good luck to anybody trying to find it without knowing the page number!

        Hey, that's a great idea! But I guess if someone flips through the book, s/he'd be able to find it. Here's an additional idea: print various fake keys in addition, on other pages, and only you know which page contains the real key. Although I guess, unless you use a lot of fake keys, the enemy would be able to just try each key in turn. Defense to that: comb

    • by Urza9814 (883915)

      It's cheap?

      Also doesn't need electricity, won't suffer a hard drive crash, and is easily duplicated (may or may not be good). Also it's pretty cheap and easy to make paper fairly durable. Laminate itt, print it on photo paper...hell, there's no reason you really need to use paper at all. You could store it on film, you could store it on wood or a clay tablet probably...hell with sufficient desire you could make it out of cement or even friggin' trees. The interesting thing about this is not the fact that it

    • by GaryOlson (737642)
      Paper is easily filed [and probably lost] forever; or at least until the information on it is no longer needed.

      The computer has to have an asset tag, the asset has to be depreciated, and the asset has to be disposed of eventually. Some enterprising hacker will recover that key from an improper hard drive disposal...everytime. Murphy is ascendant.
  • by Spy Handler (822350) on Wednesday March 03, 2010 @06:17PM (#31352076) Homepage Journal

    Online backup is practical

    not for my 1.5 terabyte HDD which is about half full.

    Right now backing up from hard drive to hard drive takes forever (hours). How the fuck am I gonna back up to a remote server over the internet at 60 kbytes/sec?

    • by toastar (573882) on Wednesday March 03, 2010 @06:29PM (#31352212)

      How the fuck am I gonna back up to a remote server over the internet at 60 kbytes/sec?

      you can get about 17 MBytes/Sec with a 1.5TB through USPS

      • Re: (Score:2, Insightful)

        by dziban303 (540095)
        Yeah, but since when has the post office ever delivered something in one day? I'd say 4MB/s is more likely.
      • How the fuck am I gonna back up to a remote server over the internet at 60 kbytes/sec?

        you can get about 17 MBytes/Sec with a 1.5TB through USPS

        Yes, but what are the service fees? And... where are you overnighting this?

        If I wanted highly secure off-site backups, I'd buy an external hard drive or two and keep them in a safe deposit box at my local bank. Do the math on a 15 minutes each way (twice, first getting the hd then going back to put it in) + 15 minutes at the bank each time + x amount of time updating 1.5TB through USB... I bet it'll beat your USPS throughput.

      • Re: (Score:3, Funny)

        by dangitman (862676)

        you can get about 17 MBytes/Sec with a 1.5TB through USPS

        Liar! 17 Megabyte files always take 20 minutes to copy. Always.

      • Re: (Score:3, Informative)

        by martas (1439879)
        Never underestimate the bandwidth of a truck full of tapes hurling down the highway - Andrew S. Tanenbaum
    • by owlstead (636356)

      OK, OK but it is probably practical for most things that require 4096 bits of RSA security. I've currently got two levels of backup. My administration/contacts etc. which is encrypted and backed up to my local ISP at ADSL speeds and on a tiny 2.5" external hdd, and a second one which *should* be stored on a separate hard disk or a RAID system. My favorite CD's I just copy to all my devices. Other things are just not worth backup up, such as 1 TB of downloaded movies - if I like them enough I simply buy the

    • by evilviper (135110)

      not for my 1.5 terabyte HDD which is about half full.

      Doesn't matter how big the volume is. It only matters how much data changes every day. Even if it takes days to sync up the first time, as long as only a few GBs changes, subsequent backups will go plenty fast.

  • by SmilingBoy (686281) on Wednesday March 03, 2010 @06:18PM (#31352086)
    If the source computer is vulnerable, the private key will be vulnerable as well as soon as you use a device connected to the compromised computer to scan it.
    • by owlstead (636356) on Wednesday March 03, 2010 @06:44PM (#31352404)

      Yes, whenever you use a key it becomes more vulnerable. This only adds security to the storage, not the use. It's amazing how many times this kind of thing is forgotten, e.g. when using an ultra-secure USB device on a computer with zero protection. It becomes even more "interesting" when you have to use the key in an automated system - obviously this design is not meant for continuous use :).

  • Smartcard ? (Score:2, Interesting)

    After surfing around a bit on the source site I can't find any compelling reasons why I should use a giant unwieldy printable 2D Barcode instead of a smartcard ? A smartcard reader costs 25 bucks now a days so that cant be much of an obstacle.
    • Backup (Score:3, Insightful)

      by pavon (30274)

      Since the purpose of this is to backup critical data, you want to make darn sure that you never loose the key, or all the data is worthless. Storing pieces of paper securely and safe from disaster is something that we have been doing for years, and you don't have to look very far for a solution. On the otherhand, most safes, fire boxes and safety deposit boxes will still get hot enough enough in a fire to destroy any digital media stored in them.Paper offers a simple, traditional backup while something like

  • Don't use datamatrix (Score:5, Informative)

    by GigsVT (208848) on Wednesday March 03, 2010 @06:20PM (#31352108) Journal

    Datamatrix is the Gif of the barcode world. It has a bunch of patents covering it.

    PDF417 [wikipedia.org] does mostly the same thing, can be read with a laser (instead of an imager) and was designed to be open source and patent free from the beginning.

    • by Kostya (1146) on Wednesday March 03, 2010 @06:24PM (#31352158) Homepage Journal

      The wikipedia article on DataMatrix (http://en.wikipedia.org/wiki/Data_Matrix#Patent_issues) seems to imply it is unencumbered--perhaps I'm misunderstanding something?

      Prior to the expiration of U.S. Patent 5,612,524, intellectual property company Acacia Technologies claimed that Data Matrix was partially covered by its contents. As the patent owner, Acacia allegedly contacted Data Matrix users demanding license fees related to the patent.

      Cognex Corporation, a large manufacturer of 2D barcode devices, filed a declaratory judgment complaint on March 13, 2006 after receiving information that Acacia had contacted its customers demanding licensing fees. On May 19, 2008 Judge Joan N. Ericksen of the U.S. District Court in Minnesota ruled in favor of Cognex. The ruling held that the '524 patent, which claimed to cover a system for capturing and reading 2D symbology codes, is both invalid and unenforceable due to inequitable conduct by the defendants during the procurement of the patent.

      Notably, since the '524 patent expired in November 2007, a ruling against Cognex wouldn't have affected current use of Data Matrix anyway. However, it would have established that use of Data Matrix prior to November 2007 could potentially be covered by the '524 patent.

    • by dangermonkeyboy (622359) on Wednesday March 03, 2010 @09:07PM (#31353502)

      No offense, but this information is wrong. Data Matrix is completely unencumbered by patents. For one thing, it was released into the public domain by its inventor, and for another it's so old that even if there had been patents they would have expired by now.

      There was one "IP" company that made some noise in 2006-2007 claiming to cover some of the underlying technology in their patent portfolio, but they were handed their hats in court. I followed the issue very closely, even stopping distribution of my Data Matrix open source project for a while, pending this outcome. But rest assured that Data Matrix is unencumbered by patents and safe to use in your projects.

  • It would be hell if you lost the symbology though. Otherwise, this is very practical to the few who understand what been done.

    • It would be hell if you lost the symbology though

      I'm sure the word you were looking for was "symbolism.". It would be hell if you lost the symbo-- wait, oh, right...

      • by Barny (103770)

        *sigh*

        And they banned the sequel in Australia, still managed to get a copy, damn funny stuff :)

  • People have been using coloured matrices of keys, since the days of 8 bit games, for example JetSet Willy had one back in 1982 or 3.

    ---

    Cryptography [feeddistiller.com] Feed @ Feed Distiller [feeddistiller.com]

  • by he-sk (103163) on Wednesday March 03, 2010 @06:38PM (#31352324)

    Do people actually use the systems they produce and sell?

  • Ummmm.... (Score:4, Interesting)

    by jemenake (595948) on Wednesday March 03, 2010 @07:14PM (#31352676)
    I'm not sure I grok this notion of not storing the key with the source machine. I mean... if I can get to the machine you backed up... I don't really need to get to the backup, do I? I've got fresher data right there in front of me.

    Now, if you're really trying to protect some kind of historical record of how your data has progressed over time, then that would be a reason why access to the source computer still didn't get the intruder access to what you're trying to protect... but that's a very special case.

    Dunno. Maybe I'm just missing the point.
  • by rlp (11898)

    You could use long strips of paper [wikipedia.org] with holes punched in it (or not punched). Or you could build one of these [wikipedia.org] with a somewhat longer strip of paper.

  • Idiotic (Score:4, Funny)

    by evilviper (135110) on Wednesday March 03, 2010 @07:57PM (#31353032) Journal

    This makes absolutely no sense. Smart cards have been around for many years now. There, you NEVER give ANYONE or anything access to your private key. Challenge-response, one-time-passwords, tokens, etc, etc. Putting it on paper is LESS SECURE than sticking it on a thunb drive. Then at least it can't be stolen by taking a picture...

  • paperkey and libdmtx (Score:4, Informative)

    by c_g_hills (110430) <chaz.chaz6@com> on Wednesday March 03, 2010 @08:23PM (#31353200) Homepage Journal
    See http://www.mail-archive.com/gnupg-users@gnupg.org/msg10827.html [mail-archive.com].

    The original paperkey software takes out the redundant key material for a smaller amount of data. You can restore the original key by combining the output with the public key.

    To encode:

    gpg --export-secret-key (thekey) | paperkey --output-type raw | dmtxwrite -e8 -f pdf > my_pdf_file.pdf

    You can pass pdf, eps, svg, etc, to the -f option. Use 'dmtxwrite -l' to get a list of all supported image formats.

    To decode:

    dmtxread -N1 my_pdf_file.pdf | paperkey --pubring ~/.gnupg/pubring.gpg > my_new_secret_key.gpg
  • I'll hold out (Score:3, Interesting)

    by egcagrac0 (1410377) on Wednesday March 03, 2010 @08:48PM (#31353352)

    ... until there's a 640kbit key. 640k ought to be enough for anybody.

    But seriously, it was just a few years back when we though 128bit keys were unbreakably long. Now 2048bit is standard, and about to get broken. 4096bit isn't enough right now. 16kbit is just about right, but that will get broken in early 2015.

    • Are you sure you aren't confusing symmetric and asymmetric crypto keys? I don't think 128 bit has ever been considered unbreakable for asymmetric keys, 1024-2048 has been the standard for asymmetric since I have known about it. For symmetric, 128 bit is still considered secure and is still the standard for AES, although many applications are moving to 256 bit.
    • i think you're mixing up key length for symmetric ciphers (like AES, 3DES, Blowfish, etc.) which are generally quite short like 128 or 256 bits and key lengths for _asymetric_ cryptosystems which vary much more in length and in the case of RSA are somewhere closer to 2048 and 4096.

      The reason is that for symmetric ciphers we _believe_ to be secure the best an attacker can do is brute force the key space. so that means brute forcing 2^128 or 2^256 possible keys. That's a hell of a lot of work. with current te

  • I'm going to need a new printer. One that I can run my post-it-notes through. Then I can print out this new bar code thingy and stick it on my monitor.
  • by Nazlfrag (1035012) on Wednesday March 03, 2010 @09:02PM (#31353450) Journal

    Does it come with a sticky backing so I can put it next to all the passwords I wrote down?

  • by dangermonkeyboy (622359) on Wednesday March 03, 2010 @09:22PM (#31353624)

    $ gpg --export | dmtxwrite --encoding=8 --format=PNG | lp

    To be honest, I thought trusted paper keys were already common knowledge among geeks:

    http://en.wikipedia.org/wiki/Trusted_paper_key [wikipedia.org]

  • But how to store an 800-character key offline?

    Uhm, 10 lines of 80 characters? 20 lines of 40 characters, if you think 80 in one hit might make you cross-eyed. Is it that hard to manually type in? For a backup copy that you will only ever be likely to type in once or twice, ever?

    Or is this just another Slashvertisement(tm)?

    • Paper can be burned, torn, folded, spindled, and mutilated
    • Paper can be stolen, photocopied, faxed.
    • When your (un-trusted) computer takes a picture of the key paper, a camlogger could intercept the key, compromising it.

    Bottom line, the key needs to turn into machine-read data at some point in order to interface with the crypto system and unlock your data, no matter what. Moving it to a piece of paper doesn't make it any more secure than storing it on a read-only USB key that you only plug into your computer

  • Not exactly new (Score:3, Insightful)

    by ei4anb (625481) on Thursday March 04, 2010 @08:01AM (#31356926)
    I punched my private key onto 80 column punched cards for offline storage back in 1979. It was the only way to keep a key private on a mainframe where the operator could read all files.

Dead? No excuse for laying off work.

Working...