A (not) new security idea

Scot L. Harris webid at cfl.rr.com
Thu Oct 14 17:56:32 UTC 2004


On Thu, 2004-10-14 at 13:25, Nifty Hat Mitch wrote:
> On Thu, Oct 14, 2004 at 06:26:20AM -0500, Brian Fahrlander wrote:
> > On Wed, 2004-10-13 at 20:58, Scot L. Harris wrote:
> > > On Wed, 2004-10-13 at 20:06, Brian Fahrlander wrote:
> > 
> > > Security-wise it is always a bad idea to write down passwords or
> > > passphrases.  The reality is that almost everyone does just that.  :)
> > 
> >     Oh, to be sure!  But if they're GONNA do it due to human nature,
> > it's better to have them do it off site...
> 
> The issue is not writing down the pass phrases but "key management".
> I predict that there is a potential for the single largest cause of
> lost data in the next ten years to be lost keys to encrypted data.
> 
> Good biometric hooks to encryption break if the employee is in jail,
> dead, skips town, changes jobs,.... loses a 'bio' part.
> 
> If you are a manager and walk an employee out, expect a hefty
> fee to recover data not unlocked in the exit interview process ;-)
> 
> It is not silly to have a locked firesafe with keys written down for 
> many.

I think we were talking about regular users that stick Post-it notes
under their keyboards (or on the face of the monitor) with their
passwords on them.  

In a production environment I kept a log book with passwords for all
systems.  That book was kept in a lock box inside a limited access room
(actually the telco room).  Very few people had access to the room and
even fewer had keys to the lock box.  

But a good point.  And one I tried to make earlier is that when a device
that contains all your keys is lost or destroyed, there needs to be some
process in place to replicate or replace it.  And as you pointed out, if
people are going to start encrypting data all over, a loss of the keys is
going to result in lost data.  How much do you think the NSA would
charge to break the encryption on a company's books or source code for
their products?  :)


-- 
Scot L. Harris
webid at cfl.rr.com

Today's scientific question is: What in the world is electricity?

And where does it go after it leaves the toaster?
		-- Dave Barry, "What is Electricity?" 



