Key safety vs Backup : History of a bad day (key-restoration problem)

Atom Smasher atom at smasher.org
Sun Oct 28 11:05:55 CET 2007 

On Sun, 28 Oct 2007, Sven Radde wrote:

> Atom Smasher schrieb:
>
>> in theory, if you're *really* using a strong pass-phrase, you can 
>> publish your private key in a public place and rest secure in the 
>> knowledge that no known technology can break your 100+ character 
>> pass-phrase... and if a hard drive or several go up in smoke you can 
>> recover a copy from google's cache ;)
>
> A few thoughts on this: - You could use the very long passphrase, upload 
> to secret key to somewhere and then change the passphrase back to a 
> shorter one for daily use.
============

and then inevitably forget what you used for the *really* secure 100+ 
character pass-phrase, because you never use it.


> - Instead of doing this, you could just take your secring.gpg, encrypt 
> it using "gpg --symmetric" with a really long passphrase and publish the 
> result.
===============

see above.

but this has me thinking... why not combine the "hidden in plain sight" 
part with the encrypted part using steganography... use a reasonably 
strong passphrase ("reasonable" depends on the needs of the end user) for 
your secret key, then hide it in a JPG and post it in a public place. if 
you use `outguess` (i'm not sure about other tools) you can even require a 
pass-phrase to get the data in/out of the image file, not to mention that 
outguess provides a plausible deniability feature.

i know... to many people on this list steganography, like one time pads, 
is more of a toy than a real crypto solution, but compared to posting a 
secret key in a public (or even an insecure non-public) place i'd say it's 
"better than nothing".

even with a reasonably strong pass-phrase i wouldn't want to walk around 
with my secret key on a flash-drive with my physical keys, but hidden in a 
JPG of family/friends/pets it would be easily overlooked if i lost 
possession of the flash-drive. and if all of my drives picked the same day 
to die, i'd have a recoverable copy of the secret key.


-- 
         ...atom

  ________________________
  http://atom.smasher.org/
  762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
  -------------------------------------------------

 	"They have computers, and they may have
 	 other weapons of mass destruction."
 		-- Janet Reno, US Attorney General,
 		27 Feb 1998

More information about the Gnupg-users mailing list