Atom Smasher wrote:

has anyone given any thought to what would be the difference between carefully and carelessly making hard-copy backups of secret keys?

i mean, it would be stupid to print a copy of one's secret key (with a weak passphrase) and leave it lying on a table next to a window. OTOH, a printed copy of a secret key (with a strong passphrase) would probably be "secure" in a 10 ton safe.

so how strong should a passphrase be when printing out a secret key in the first place? what are the pros/cons of hiding versus securing a hard-copy? what other factors should be considered?

i think you are mixing up two different things. on the one hand you have the problem of security of your data, e.g. no one should read your mails, etc. on the other hand you have the problem of data recovery.

for security you are using a very well gnupg setup.

for data recovery you really need a copy of your keys. paper is one of the most robust media to back up data (the egyptians knew a more robust medium, but the usual computer user is not able to use a hammer and a chisel ;) ). i think you should take your paper (or flagstone) and put it into a sealed envelope. give it to your local bank. the german bsi has written a book called it-grundschutzhandbuch. imho there is also an english version available. maybe you want to read this.

bear in mind, these are philosophical questions with philosophical answers... i'm not looking for absolutes.

btw, if anyone prints out their secret key for backup, here's a few lines of shell code that will print a (non-cryptographic) checksum for each line. this way if you have to recover your key from hard-copy, it's *much* easier to find mistakes. an example of the output looks like this (indented):

  -----BEGIN PGP PUBLIC KEY BLOCK-----    3675205589 37
      3515105045 1
  mQILBECkOvYBEADJfImYQNznN0PJxkwcGysohePmujLVJTsA30WV9tXrb6+4L5ib 2185591463 65
  Ed9zHilbvXEgmrLJbG949H7yAwbNAaEjfnlqxBO31BmIJjUDmnXxe3FN98fuKIcq 3919870367 65
  bVn8aqPOvGGvsJaWDwLyFSG3UT60htHFuh0I0Nco7AB6WTXBrwV/9JDkiy7p0fK5 1339170163 65

i know this little trick from the c64. there was a program called mse :)

have a nice day,
patrick

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
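
The per-line checksum idea quoted above, as an added example (not the script from the original thread, which is not reproduced on this page). It assumes POSIX cksum, whose CRC-and-byte-count output has the same shape as the sample; the function names, the tab separator and the sample lines are made up for illustration.

```shell
#!/bin/sh
# Added example: per-line checksums for a printed key backup.
# Assumption: POSIX cksum (CRC + byte count). Non-cryptographic; it only
# catches transcription errors, it does not protect the key.

TAB=$(printf '\t')

# Constructed sample text, NOT real key material.
sample_text() {
    printf '%s\n' \
        '-----BEGIN PGP PRIVATE KEY BLOCK-----' \
        '' \
        'Q09OU1RSVUNURUQgU0FNUExFIExJTkUgT05F' \
        'Q09OU1RSVUNURUQgU0FNUExFIExJTkUgVFdP'
}

# stdin: armored key text. stdout: each line, a tab, then "CRC LENGTH"
# computed over that line including its newline.
annotate_lines() {
    while IFS= read -r line || [ -n "$line" ]; do
        sum=$(printf '%s\n' "$line" | cksum)
        printf '%s\t%s\n' "$line" "$sum"
    done
}

# stdin: annotated text re-typed from paper. stdout: the number of every
# line whose recomputed checksum differs from the printed one.
# Exit status is 0 only if all lines match.
verify_lines() {
    n=0
    bad=0
    while IFS= read -r row || [ -n "$row" ]; do
        n=$((n + 1))
        line=${row%%"$TAB"*}    # text before the first tab
        want=${row#*"$TAB"}     # printed "CRC LENGTH"
        have=$(printf '%s\n' "$line" | cksum)
        if [ "$have" != "$want" ]; then
            echo "$n"
            bad=$((bad + 1))
        fi
    done
    [ "$bad" -eq 0 ]
}

# Once every line verifies, drop the checksum column to get the key back.
strip_sums() {
    cut -f1
}

# Demo: annotate the constructed sample, then verify it.
sample_text | annotate_lines | verify_lines && echo "all lines verified"
```

Because the checksum covers one line at a time, a mismatch points at the exact line to re-read on the paper copy.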
