Physical storage of key is the weakest link

[tcmay@netcom.com (Timothy C. May)]

> There are a number of good ways to breach modern cryptography without
> torture.  They include:
> 
> Van Eck (Tempest) monitoring.
> Sodium pentathol & its more modern cousins.
> Bribery.
> Blackmail.


> Adam Shostack 				       adam@bwh.harvard.edu

Much more likely:

* Diskettes left lying around. Secret keys on home computers.

* Incompletely erased files. (Norton Utilities can recover erased
files; mil-grade multiple-pass erasure may be needed.)


A simple search warrant executed on your premises will usually crack
open all your crypto secrets. (Fixes to this are left as an exercise.)

Where to store one's secret key is an issue that makes academic the
issue of whether one's key can be compelled. A diskette stored at
one's home, in one's briefcase, etc., can be gotten. A pendant or
dongle or whatever that stores the key can also be gotten. The
passphrase (8-12 characters, typically) is secure, but not the key.

--Tim May


-- 
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,  
tcmay@netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets, 
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."