Re: Tarsnap feature request: storing encrypted keys
On 09/24/12 19:18, Andy Lutomirski wrote:
> On Mon, Sep 24, 2012 at 7:07 PM, Colin Percival <cperciva@tarsnap.com> wrote:
>> This is why I made Tarsnap keys printable -- of course, printers bring
>> some security concerns and paper has its own durability issues too.
>
> You mean you don't keep a stash of university library-approved
> archival paper around? :)

Nope. Although even cheap paper will probably last a few decades... unless
it gets too wet or too hot.

> The idea was to prevent people from doing silly things. The key
> should be high-entropy -- otherwise, people are vulnerable to offline
> (by you) or online (by anyone) dictionary attacks.

Right. That said, scrypt (used for key derivation in passphrased key
files) is powerful enough that you need to be using an *abysmally* poor
password for it to be easily cracked.

> The main point
> would be to reduce the amount of typing I'd need to do to recover my
> key from ~5k keystrokes to ~32 keystrokes (fewer if base64).

Oh, I was assuming that anyone who printed their key file would OCR it
if they needed to read it back in.

--
Colin Percival
Security Officer Emeritus, FreeBSD | The power to serve
Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid