hard-copy backups
Atom Smasher
atom at smasher.org
Thu Jan 5 06:21:00 CET 2006
has anyone given any thought to what would be the difference between
carefully and carelessly making hard-copy backups of secret keys?

i mean, it would be stupid to print a copy of one's secret key (with a weak
passphrase) and leave it lying on a table next to a window. OTOH, a
printed copy of a secret key (with a strong passphrase) would probably be
"secure" in a 10 ton safe.

so how strong should a passphrase be when printing out a secret key in the
first place? what are the pros/cons of hiding versus securing a hard-copy?
what other factors should be considered?

bear in mind, these are philosophical questions with philosophical
answers... i'm not looking for absolutes.

btw, if anyone prints out their secret key for backup, here are a few lines
of shell code that will print a (non-cryptographic) checksum for each
line. this way if you have to recover your key from hard-copy, it's *much*
easier to find mistakes. an example of the output looks like this
(indented):
    -----BEGIN PGP PUBLIC KEY BLOCK-----	3675205589 37
    	3515105045 1
    mQILBECkOvYBEADJfImYQNznN0PJxkwcGysohePmujLVJTsA30WV9tXrb6+4L5ib	2185591463 65
    Ed9zHilbvXEgmrLJbG949H7yAwbNAaEjfnlqxBO31BmIJjUDmnXxe3FN98fuKIcq	3919870367 65
    bVn8aqPOvGGvsJaWDwLyFSG3UT60htHFuh0I0Nco7AB6WTXBrwV/9JDkiy7p0fK5	1339170163 65
the code works on bsd (zsh) but may have to be slightly modified for other
operating systems or shells.

    # read the armored key on stdin one line at a time (-r keeps backslashes,
    # empty IFS keeps leading/trailing blanks); print the line, a tab, then
    # cksum's CRC and byte count for that line (the count includes the newline).
    # printf is used instead of "echo -n ... \t" so it behaves the same in
    # zsh, bash and plain sh.
    while IFS= read -r n
    do
        printf '%s\t' "${n}"
        printf '%s\n' "${n}" | cksum
    done
--
...atom
_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------
"I contend that we are both atheists. I just believe
in one fewer god than you do. When you understand
why you dismiss all the other possible gods, you
will understand why I dismiss yours."
-- Stephen Roberts
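the post shows the printing half of the idea; below is the other half, the check you run after retyping the printout. this is an added example, not atom's code: a portable rewrite of the per-line cksum loop ("annotate"), a "verify" that recomputes cksum over each retyped line and names the lines whose checksum no longer matches, and a "strip" that drops the checksum column once verify is clean. it assumes only POSIX sh, printf and cksum; the function names and the script name hardcopy.sh are my own.

```shell
#!/bin/sh
# Added example (not from the original post). Two halves of the hard-copy
# workflow: "annotate" is a portable rewrite of the post's zsh loop, and
# "verify" is the check you run after retyping the printout.
# Assumes only POSIX sh, printf and cksum; the function names are mine.

tab=$(printf '\t')

# annotate FILE: print each line of FILE, a tab, then cksum's output for
# that line ("crc bytecount"), one output line per input line.
# This is what goes to the printer alongside the armored key.
annotate() {
    while IFS= read -r line || [ -n "$line" ]; do
        printf '%s\t%s\n' "$line" "$(printf '%s\n' "$line" | cksum)"
    done < "$1"
}

# verify FILE: FILE is the annotated printout as retyped from paper
# (text, tab, "crc bytecount"). Recompute cksum over the retyped text and
# report every line whose checksum no longer matches, so the typist knows
# exactly which lines to re-examine. Exit status 0 only if all lines match.
verify() {
    bad=0
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        text=${line%"$tab"*}       # everything before the last tab
        expected=${line##*"$tab"}  # everything after the last tab
        actual=$(printf '%s\n' "$text" | cksum)
        if [ "$actual" != "$expected" ]; then
            printf 'line %d: expected %s, got %s\n' "$n" "$expected" "$actual"
            bad=$((bad + 1))
        fi
    done < "$1"
    [ "$bad" -eq 0 ]
}

# strip_checksums FILE: drop the checksum column, leaving the armored key
# ready for "gpg --import" once verify reports no mismatches.
strip_checksums() {
    while IFS= read -r line || [ -n "$line" ]; do
        printf '%s\n' "${line%"$tab"*}"
    done < "$1"
}

# Usage:  sh hardcopy.sh annotate secret.asc > printout.txt
#         sh hardcopy.sh verify   retyped.txt
#         sh hardcopy.sh strip    retyped.txt > secret.asc
if [ "$#" -eq 2 ]; then
    case "$1" in
        annotate) annotate "$2" ;;
        verify)   verify "$2" ;;
        strip)    strip_checksums "$2" ;;
    esac
fi
```

the split on the last tab matters: the armored key itself never contains tabs, so a retyped line that lost its checksum column simply fails verification rather than being silently accepted. cksum is a CRC, so it catches the typos this is meant for (a mistaken character, a dropped or doubled one) but is not a substitute for the signature check gpg does on import.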