Privacy With a 4096 Bit RSA Key — Offline, On Paper 232
HavanaF writes "Online backup is practical, but can it offer any privacy? The Dutch security company Safeberg developed an Offline Private Key Protocol, with an asymmetric key scheme. The protocol demands that the private (decryption) key be stored away from the 'source' computer, which presumably is 'too vulnerable.' The catch is that the private key needs to be fairly large to be secure: a 4,096-bit RSA key should suffice for some years. But how to store an 800-character key offline? Safeberg introduces a machine readable paper key, with the 4k-bit key crammed in a giant 2D Datamatrix barcode. This video on key strength tells the story."
What Happens When ... (Score:5, Funny)
Re: (Score:2)
It looks like the key is printed out in Hex at the bottom as well as the QR barcode.
Re: (Score:3, Insightful)
Which brings to mind an important question: Why not just have the machine read the hex?
Re: (Score:2)
B8B8B8B8B8B8B8B8B8B8B8B8B8B8B8B8
Because 2D barcodes are much easier to read reliably. No need for special OCR. The hex key is presumably for human input, although I don't see any reason why you would not try and read it with a machine, if you really must.
B8B8B8B8B8B8B8B8B8B8B8B8B8B8B8B8
Re:What Happens When ... (Score:5, Informative)
Reading numbers is more error prone. With the bar code, there are presumably lots of check digits and other such loveliness encoded into it.
As for folding it, what happens? Probably nothing. There are usually CRCs (or similar) and lots of other stuff in those 2D bar codes. This particular scheme, Data Matrix, is apparently highly redundant, allowing full recovery of the data even if (up to) 30% of the bar code is destroyed.
http://www.tlashford.com/TLA/pages/Basic_sym/Symbol_overview.htm#DATAMATRIX [tlashford.com]
http://en.wikipedia.org/wiki/Data_matrix_(computer) [wikipedia.org]
Re:What Happens When ... (Score:4, Insightful)
There's no reason you cannot insert check digits into the number as well.
Re: (Score:3, Insightful)
Also, if you can recover most of the digits and know which ones are missing you can probably brute force the rest.
Re: (Score:3, Informative)
Re: (Score:2)
Re: (Score:2)
Why would yo fold it?
To keep it in my pocket just in case I ever needed it. Sheesh.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
In order to be really secure, onsite storage of the key is a no-no anyway, so this system must presume anyone interested in getting the password does not have site access.
And in that case, paper is just silly. It is less "safe" (as opposed to secure) than a USB key, since a USB key can't fold or tear, and water won't normally damage it.
I'd say this is a solution looking for a problem. It might be great for off-site backup of your USB key. But I don't see it as useful for much of anyth
Re:What Happens When ... (Score:4, Insightful)
...paper is just silly. It is less "safe" (as opposed to secure) than a USB key...
Paper has hundreds of years of technology development behind it; what is the oldest USB key you have? Technology easily and readily exists to store quality archive paper nearly indefinitely in temperature/light/humidity controlled environments.
I might even guestimate bar code technology will disappear long before a properly created and stored paper archive.
Re: (Score:2)
Why one would want to use the same RSA key for years and years is beyond me. Want something encrypted for the next 100 years? Don't bother with public key, go block cypher. Why not stick to AES or something similar?
Re: (Score:2)
a USB key can't fold or tear, and water won't normally damage it.
Last (southern) summer I had a bunch of SD cards in my wallet, then they went missing. So this summer I put on a pair of short pants and there were my cards, in a zip up pocket. They had been washed twice in hot water and still worked perfectly.
Re: (Score:3, Funny)
Re:What Happens When ... (Score:5, Funny)
I tried do to that and all I got was "42".
Re: (Score:3, Funny)
Re: (Score:3, Insightful)
The company could store a last-resort backup at a different facility, and allow you access after checking a bunch of biometrics.
Re: (Score:3, Informative)
All matrix codes have enough redundancy to allow successful decoding when the image is partially damaged. Some have so much redundancy that you can tear them in half and still recover the contents.
Re:What Happens When ... (Score:4, Informative)
The paper key seems to contain 4x4 x 22x22 = 7744 bits. So can't tear it in half but almost.
Re:What Happens When ... (Score:5, Informative)
Bar codes printed on media of all kinds are generally quite robust and not error prone. The printing device does not need to be special in any way. The reader does not need to be special in any way. Print the key on acid-free paper using a laser printer and store it for a looong time. I'll leave it up to the slashdot tifosi to declare how long it would last in a bank vault.
Some nice ways to encode keys and store it as a symbol on paper here: http://www.adams1.com/stack.html [adams1.com]
Symbology is very non-sexy knowledge, but valuable in logistics.
Re: (Score:2)
If you're really 'paranoid' about storage time get a thin aluminium or steel shim the size of a credit card and etch onto the back of that.
Re: (Score:2, Funny)
Bar codes printed on media of all kinds are generally quite robust and not error prone.
Excepet at the supermarket, when you are in a hurry...
Another plausible scenario I have to watch out for (Score:3, Funny)
Guy holding knife and laxatives: "Poop the paper! Poop it now!"
Re: (Score:2)
Re: (Score:2)
Re:Another plausible scenario I have to watch out (Score:5, Funny)
"Defecate thy papyrus!"
Re:Another plausible scenario I have to watch out (Score:4, Interesting)
Void thine vellum!
Oust thine onion skin!
And that's about all I can come up with.
Except maybe "Shit the sheet", but that doesn't sound as nice.
key exchange (Score:3, Funny)
In 2006, a guy recited Pi to 100000 places... (Score:2)
So what could be so hard about memorizing a measly 800 or so characters?
Re: (Score:3, Funny)
Nothing, but that poor guy will have to remember passwords for everyone!
Re: (Score:2)
It takes a special kind of mind to do that.
And that said... I memorized a 48 character hexadecimal password, in case I ever need one. :P
Re: (Score:3, Funny)
It takes a special kind of mind to do that.
And that said... I memorized a 48 character hexadecimal password, in case I ever need one. :P
I hope it wasn't F80FFA585E9867B804D998A2ED65E55BFC352C3C500684CC, cuz that's the one I'm using.
Re: (Score:3, Insightful)
So what could be so hard about memorizing a measly 800 or so characters?
Pi might be hard. But for encryption keys, It's not hard at all. You just repeat "12345" one hundred and sixty times.
Now, I want half of you to mod this funny, because it is. I want the other half of you to mod it insightful, because we all know that when you put 4096 bit encryption into the hands of an average person, they really do type 12345 one hundred and sixty times.
Re: (Score:3, Funny)
when you put 4096 bit encryption into the hands of an average person, they really do type 12345 one hundred and sixty times.
I'm obviously above average then - i'd use cut & paste to do the job in seconds!
Re:In 2006, a guy recited Pi to 100000 places... (Score:4, Informative)
Problem is, this is an RSA key, it can't just be any random string of bits, it has to be two very large prime numbers. Users won't be chosing a 4096bit key, it will be generated for them.
Lets go old school (Score:2)
This sounds like a way to put punch cards back in every office.
Re: (Score:2, Funny)
"What's your password?"
"Umm....let's see. Del Monte canned peaches in light syrup, kraft macaroni and cheese, hunts canned pizza sauce, campbels chicken and noodle soup"
"We need a Safeway, tape, scissors and a barcode reader!"
How is this any more secure (Score:4, Insightful)
Than a 4096 Bit RSA Key that is stored on a standalone computer?
Re: (Score:2, Insightful)
Or stored on a standard external storage medium like, say, an USB stick?
Re:How is this any more secure (Score:5, Informative)
If you use the standalone computer for anything but storing the key, or fail to physically secure the standalone computer from access (separate to any physical security on any computer on which data resides that is secured with the key) it is obviously more secure to keep the key on paper, physically secured in something that isn't opened except to access the key.
If you don't use the standalone computer for anything else, and have it separately physically secured, then for any reasonable use of the word "computer", it will probably be equally secure, and vastly less expensive to separately secure the key on paper, instead.
Perhaps the more relevant comparison is separately securing paper vs. separately securing long-term electronic storage media. The sheet of paper will probably be cheaper in any case (though the price difference drops if you are using inexpensive electronic storage media rather than a dedicate computer), and will likely be more likely to be practically usable to access data a longer time into the future. Though in this case, a key factor is making sure the paper has the key in a human-readable form as well as a machine-readable form, since long-term availability of tools to read any particular machine-readable format is an issue. If you use text in an OCR-friendly font, the human readable format and the machine readable format can be the same.
Re: (Score:3, Insightful)
If you use the standalone computer for anything but storing the key,
Same problem occurs if I write doodles on the paper -- though I fail to see how that reduces the security, only the reliability.
or fail to physically secure the standalone computer from access
Granted, it's easier to secure a piece of paper. But the same problem applies.
More importantly, a closer analog to the paper is a USB thumb drive, which will fit just as neatly in a safety deposit box, or in your pocket, or (apparently) in your digestive system [slashdot.org]. It has flaws, but these would seem to be the exact same flaws the paper does -- for example, any machine on which I decr
Re: (Score:2)
Same problem occurs if I write doodles on the paper -- though I fail to see how that reduces the security, only the reliability.
Well, doodles on the paper affects reliability. Using the computer for other things affects reliability, true, but if it is separately physically secured, using it for other things means more opportunity for physical security problems, and not separately physically securing it is a pretty big security deficit comp
Re: (Score:3, Informative)
Re: (Score:2)
It's not more secure. It's cheaper. It's less likely to break down. You can store it in a safe. You can print it using a desktop printer. And its infinitely less likely to be wiped and used as a gaming machine by your 14 year old (if you have 4 year olds you might need the safe though).
Re: (Score:2)
You can store USB keys in a safe. They're relatively cheap. They have no potential to be used as a gaming machine.
Re: (Score:2, Insightful)
How about SmartCards and a smartcard reader?
Have the card itself execute decryption of the symmetric key without revealing the private key to the PC, when it's read.
It will probably be cheaper than the uber-expensive specialized scanner+software from this vendor, you'll need to be able to scan the "cheap" paper key, anyways
And more secure in that the private RSA key is not subject to being stolen from PC RAM, or by modifying the decryption program on the PC to capture the key.
Re: (Score:3, Interesting)
hide the key in a book: great idea! (Score:2)
Hey, that's a great idea! But I guess if someone flips through the book, s/he'd be able to find it. Here's an additional idea: print various fake keys in addition, on other pages, and only you know which page contains the real key. Although I guess, unless you use a lot of fake keys, the enemy would be able to just try each key in turn. Defense to that: comb
Re: (Score:2)
It's cheap?
Also doesn't need electricity, won't suffer a hard drive crash, and is easily duplicated (may or may not be good). Also it's pretty cheap and easy to make paper fairly durable. Laminate itt, print it on photo paper...hell, there's no reason you really need to use paper at all. You could store it on film, you could store it on wood or a clay tablet probably...hell with sufficient desire you could make it out of cement or even friggin' trees. The interesting thing about this is not the fact that it
Re: (Score:2)
The computer has to have an asset tag, the asset has to be depreciated, and the asset has to be disposed of eventually. Some enterprising hacker will recover that key from an improper hard drive disposal...everytime. Murphy is ascendant.
Re: (Score:2)
Clearly you've never worked in an office environment. The paper documents last forever Whereas you get lucky when that Dell from 2001 fails so you can upgrade it to a new one.
Re: (Score:2)
no thanks my Hard drive is too big (Score:4, Insightful)
Online backup is practical
not for my 1.5 terabyte HDD which is about half full.
Right now backing up from hard drive to hard drive takes forever (hours). How the fuck am I gonna back up to a remote server over the internet at 60 kbytes/sec?
Re:no thanks my Hard drive is too big (Score:4, Funny)
How the fuck am I gonna back up to a remote server over the internet at 60 kbytes/sec?
you can get about 17 MBytes/Sec with a 1.5TB through USPS
Re: (Score:2, Insightful)
Re: (Score:2)
How the fuck am I gonna back up to a remote server over the internet at 60 kbytes/sec?
you can get about 17 MBytes/Sec with a 1.5TB through USPS
Yes, but what are the service fees? And... where are you overnighting this?
If I wanted highly secure off-site backups, I'd buy an external hard drive or two and keep them in a safe deposit box at my local bank. Do the math on a 15 minutes each way (twice, first getting the hd then going back to put it in) + 15 minutes at the bank each time + x amount of time updating 1.5TB through USB... I bet it'll beat your USPS throughput.
Re: (Score:3, Funny)
you can get about 17 MBytes/Sec with a 1.5TB through USPS
Liar! 17 Megabyte files always take 20 minutes to copy. Always.
Re: (Score:3, Informative)
Re: (Score:3, Funny)
Those who would sacrifice latency for bandwidth deserve neither.
Re: (Score:2)
OK, OK but it is probably practical for most things that require 4096 bits of RSA security. I've currently got two levels of backup. My administration/contacts etc. which is encrypted and backed up to my local ISP at ADSL speeds and on a tiny 2.5" external hdd, and a second one which *should* be stored on a separate hard disk or a RAID system. My favorite CD's I just copy to all my devices. Other things are just not worth backup up, such as 1 TB of downloaded movies - if I like them enough I simply buy the
Re: (Score:2)
Doesn't matter how big the volume is. It only matters how much data changes every day. Even if it takes days to sync up the first time, as long as only a few GBs changes, subsequent backups will go plenty fast.
Re: (Score:2)
It'll take forever at first, but yes. Modern backup solutions would tend to be smarter still -- triggering automatically and silently in the background, sending deltas as soon as anything changes -- though presumably you could restrict how much bandwidth and what hours it would operate.
Re: (Score:2, Insightful)
How much added security? (Score:3, Interesting)
Re:How much added security? (Score:4, Informative)
Yes, whenever you use a key it becomes more vulnerable. This only adds security to the storage, not the use. It's amazing how many times this kind of thing is forgotten, e.g. when using an ultra-secure USB device on a computer with zero protection. It becomes even more "interesting" when you have to use the key in an automated system - obviously this design is not meant for continuous use :).
Smartcard ? (Score:2, Interesting)
Backup (Score:3, Insightful)
Since the purpose of this is to backup critical data, you want to make darn sure that you never loose the key, or all the data is worthless. Storing pieces of paper securely and safe from disaster is something that we have been doing for years, and you don't have to look very far for a solution. On the otherhand, most safes, fire boxes and safety deposit boxes will still get hot enough enough in a fire to destroy any digital media stored in them.Paper offers a simple, traditional backup while something like
Don't use datamatrix (Score:5, Informative)
Datamatrix is the Gif of the barcode world. It has a bunch of patents covering it.
PDF417 [wikipedia.org] does mostly the same thing, can be read with a laser (instead of an imager) and was designed to be open source and patent free from the beginning.
Re:Don't use datamatrix (Score:4, Interesting)
The wikipedia article on DataMatrix (http://en.wikipedia.org/wiki/Data_Matrix#Patent_issues) seems to imply it is unencumbered--perhaps I'm misunderstanding something?
Re:Don't use datamatrix (Score:5, Informative)
No offense, but this information is wrong. Data Matrix is completely unencumbered by patents. For one thing, it was released into the public domain by its inventor, and for another it's so old that even if there had been patents they would have expired by now.
There was one "IP" company that made some noise in 2006-2007 claiming to cover some of the underlying technology in their patent portfolio, but they were handed their hats in court. I followed the issue very closely, even stopping distribution of my Data Matrix open source project for a while, pending this outcome. But rest assured that Data Matrix is unencumbered by patents and safe to use in your projects.
Re: (Score:2)
I didn't know it was safe now.
Bar Codes Are Not Error Prone (Score:2)
It would be hell if you lost the symbology though. Otherwise, this is very practical to the few who understand what been done.
Re: (Score:2)
It would be hell if you lost the symbology though
I'm sure the word you were looking for was "symbolism.". It would be hell if you lost the symbo-- wait, oh, right...
Re: (Score:2)
*sigh*
And they banned the sequel in Australia, still managed to get a copy, damn funny stuff :)
Not new (Score:2)
---
Cryptography [feeddistiller.com] Feed @ Feed Distiller [feeddistiller.com]
And this is practical, how? (Score:4, Insightful)
Do people actually use the systems they produce and sell?
Re:And this is practical, how? (Score:4, Funny)
Safeberg also announced that their official position is that "dog food tastes terrible".
Ummmm.... (Score:4, Interesting)
Now, if you're really trying to protect some kind of historical record of how your data has progressed over time, then that would be a reason why access to the source computer still didn't get the intruder access to what you're trying to protect... but that's a very special case.
Dunno. Maybe I'm just missing the point.
Paper tape (Score:2)
You could use long strips of paper [wikipedia.org] with holes punched in it (or not punched). Or you could build one of these [wikipedia.org] with a somewhat longer strip of paper.
Idiotic (Score:4, Funny)
This makes absolutely no sense. Smart cards have been around for many years now. There, you NEVER give ANYONE or anything access to your private key. Challenge-response, one-time-passwords, tokens, etc, etc. Putting it on paper is LESS SECURE than sticking it on a thunb drive. Then at least it can't be stolen by taking a picture...
paperkey and libdmtx (Score:4, Informative)
The original paperkey software takes out the redundant key material for a smaller amount of data. You can restore the original key by combining the output with the public key.
To encode:
gpg --export-secret-key (thekey) | paperkey --output-type raw | dmtxwrite -e8 -f pdf > my_pdf_file.pdf
You can pass pdf, eps, svg, etc, to the -f option. Use 'dmtxwrite -l' to get a list of all supported image formats.
To decode:
dmtxread -N1 my_pdf_file.pdf | paperkey --pubring ~/.gnupg/pubring.gpg > my_new_secret_key.gpg
I'll hold out (Score:3, Interesting)
... until there's a 640kbit key. 640k ought to be enough for anybody.
But seriously, it was just a few years back when we though 128bit keys were unbreakably long. Now 2048bit is standard, and about to get broken. 4096bit isn't enough right now. 16kbit is just about right, but that will get broken in early 2015.
Re: (Score:2)
different kinds of cryptographic keys (Score:2, Informative)
i think you're mixing up key length for symmetric ciphers (like AES, 3DES, Blowfish, etc.) which are generally quite short like 128 or 256 bits and key lengths for _asymetric_ cryptosystems which vary much more in length and in the case of RSA are somewhere closer to 2048 and 4096.
The reason is that for symmetric ciphers we _believe_ to be secure the best an attacker can do is brute force the key space. so that means brute forcing 2^128 or 2^256 possible keys. That's a hell of a lot of work. with current te
Gonna need a new printer... (Score:2)
Hang on a minute (Score:3, Funny)
Does it come with a sticky backing so I can put it next to all the passwords I wrote down?
I'll save you some money (Score:4, Informative)
$ gpg --export | dmtxwrite --encoding=8 --format=PNG | lp
To be honest, I thought trusted paper keys were already common knowledge among geeks:
http://en.wikipedia.org/wiki/Trusted_paper_key [wikipedia.org]
But how? (Score:2)
But how to store an 800-character key offline?
Uhm, 10 lines of 80 characters? 20 lines of 40 characters, if you think 80 in one hit might make you cross-eyed. Is it that hard to manually type in? For a backup copy that you will only ever be likely to type in once or twice, ever?
Or is this just another Slashvertisement(tm)?
Not seeing the strength of this set up... (Score:2)
Bottom line, the key needs to turn into machine-read data at some point in order to interface with the crypto system and unlock your data, no matter what. Moving it to a piece of paper doesn't make it any more secure than storing it on a read-only USB key that you only plug into your computer
Not exactly new (Score:3, Insightful)
Re:First Po.. (Score:4, Insightful)
Hang on! let me get my giant barcode out of my pocket!
that reminds me of Robin Williams doing his Adam and Eve sketch....."Stand back honey, I do not know how big this can get!!"
Pants? Hmm! (Score:3)
That's just the thing... a printed key is just one washing machine away from complete and total disaster at the data center.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
So if the user has some jpeg on their machine called goodtimes.jpg that is...
I think hello.jpg would be more appropriate, as people would be less inclined to distribute it. :)
Re: (Score:2)
Re: (Score:2)
Certicom has a bunch of patents on ECC, though. RSA is unencumbered as the patents on modular exponentiation in a cryptosystem actually expired.