[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Tarsnap feature request: storing encrypted keys



On Mon, Sep 24, 2012 at 7:07 PM, Colin Percival <cperciva@tarsnap.com> wrote:
> On 09/24/12 16:59, Andy Lutomirski wrote:
>> I don't really trust CDs or USB keys as a long-term storage medium,
>
> This is why I made Tarsnap keys printable -- of course, printers bring
> some security concerns and paper has its own durability issues too.

You mean you don't keep a stash of university library-approved
archival paper around? :)

>
>> and tarsnap keys are kind of long (~5kB).  So here's a feature
>> request: let me upload a possibly encrypted key file to tarsnap.com so
>> I can re-download it if necessary, presumably using only my account
>> password to authenticate.
>
> This is something I've wondered about doing for a while; I'd prefer that
> people not use such a feature, but I can certainly imagine it making life
> easier for some people.
>
>> To clarify, here's a concrete proposal:
>>
>> $ tarsnap-upload-key keyfile.key
>>
>> This will generate a random 128-bit key, encrypt the key file against
>> that key, and send the result to tarsnap.com (i.e. somewhere in
>> AWS-land).  It will then display that key in some nice form (base64
>> with no I, l, or 1, for example), so I can print a few copies on
>> paper.  Then I can stick those pieces of paper somewhere safe.
>
> Is having that utility generate a decryption key for you better than just
> using the (already existing) functionality for passphrase-protected key
> files?  (One obvious advantage is that there's no way for someone to pick
> a poor passphrase if an encryption key is generated by the utility, I
> suppose.)
>
> My idea was that if I did this I wouldn't add any extra encryption but
> have the utility refuse to upload a key file which wasn't passphrased.

The idea was to prevent people from doing silly things.  The key
should be high-entropy -- otherwise, people are vulnerable to offline
(by you) or online (by anyone) dictionary attacks.  The main point
would be to reduce the amount of typing I'd need to do to recover my
key from ~5k keystrokes to ~32 keystrokes (fewer if base64).

--Andy