5.9.1. again, this stuff is covered in many of the FAQs on PGP and
on security that are floating around...
5.9.2. "How long should crypto be valid for?"
+ That is, how long should a file remain uncrackable, or a
digital signature remain unforgeable?
- probabilistic, of course, with varying confidence levels
- depends on breakthroughs, in math and in computer power
+ Some messages may only need to be valid for a few days or
weeks. Others, for decades. Certain contracts may need to
be unforgeable for many decades. And given advances in
computer power, what appears to be a strong key today may
fail utterly by 2020 or 2040. (I'm of course not
suggesting that a 300- or 500-digit RSA modulus will be
practical by then.)
+ many people only need security for a matter of months or
so, while others may need it (or think they need it) for
decades or even for generations
- they may fear retaliation against their heirs, for
example, if certain communications were ever made
public
- "If you are signing the contract digitally, for instance,
you would want to be sure that no one could forge your
signature to change the terms after the fact -- a few
months isn't enough for such purposes, only something that
will last for fifteen or twenty years is okay." [Perry
Metzger, 1994-07-06]
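The "how long" question can be made concrete with a simple projection. The following is an added example, not part of the original FAQ: it assumes an attacker whose exhaustive-search throughput doubles every 1.5 years (a Moore's-law-style assumption, and only that; it ignores the mathematical breakthroughs the text warns about) and computes either how many years a given security level survives, or how many bits a contract that must stay unforgeable for a given number of years needs today. The starting throughput figures are constructed inputs, not measurements.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def years_until_breakable(security_bits, guesses_per_second_now,
                          doubling_years=1.5, attack_years=1.0):
    """Years from now until an attacker whose throughput doubles every
    `doubling_years` (assumption) can expect to finish an exhaustive search
    of a 2**security_bits keyspace within `attack_years` of work.

    Expected work is half the keyspace.  Returns 0.0 if the search is
    already feasible today.  Mathematical breakthroughs (e.g. a better
    factoring algorithm) are deliberately not modelled here.
    """
    expected_work = 2.0 ** (security_bits - 1)
    capacity_now = guesses_per_second_now * SECONDS_PER_YEAR * attack_years
    if capacity_now >= expected_work:
        return 0.0
    # each doubling halves the remaining gap, so count doublings needed
    return math.log2(expected_work / capacity_now) * doubling_years


def bits_needed(years_of_validity, guesses_per_second_now,
                doubling_years=1.5, attack_years=1.0):
    """Inverse of years_until_breakable: the (fractional) security level that
    keeps a secret out of exhaustive-search reach for `years_of_validity`
    under the same growth assumption.  Round up when choosing a key size."""
    capacity_now = guesses_per_second_now * SECONDS_PER_YEAR * attack_years
    return 1 + math.log2(capacity_now) + years_of_validity / doubling_years


if __name__ == "__main__":
    # constructed figures: one million trial decryptions per second today
    print(f"56-bit key lasts ~{years_until_breakable(56, 1e6):.1f} years")
    print(f"20-year contract needs ~{bits_needed(20, 1e6):.1f} bits today")
```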
5.9.3. "What about commercial encryption programs for protecting
files?"
- ViaCrypt, PGP 2.7
- Various commercial programs have existed for years (I got
"Sentinel" back in 1987-8...long since discontinued). Check
reviews in the leading magazines.
+ Kent Marsh, FolderBolt for Macs and Windows
- "The best Mac security program....is CryptoMactic by Kent
Marsh Ltd. It uses triple-DES in CBC mode, hashes an
arbitrary-length password into a key, and has a whole lot
of Mac-interface features. (The Windows equivalent is
FolderBolt for Windows, by the way.)" [Bruce Schneier,
sci.crypt, 1994-07-19]
5.9.4. "What are some practical steps to take to improve security?"
- Do you, like most of us, leave backup diskettes laying
around?
- Do you use multiple-pass erasures of disks? If not, the
bits may be recovered.
- (Either of these can compromise all encrypted material you
have, all with nothing more than a search warrant of your
premises.)
5.9.5. Picking (and remembering) passwords
- Many of the issues here also apply to choosing remailers,
etc. Things are often trickier than they seem. The
"structure" of these spaces is tricky. For example, it may
seem really sneaky (and "high entropy") to permute some
words in a popular song and use that as a pass
phrase...but this is obviously worth only a few bits of
extra entropy. Specifically, the attacker will likely take
the thousand or so most popular songs, thousand or so most
popular names, slogans, speeches, etc., and then run many
permutations on each of them.
- bits of entropy
- lots of flaws, weaknesses, hidden factors
- avoid simple words, etc.
- hard to get 100 or more bits of real entropy
- As Eli Brandt puts it, "Obscurity is no substitute for
strong random numbers." [E.B., 1994-07-03]
- Cryptanalysis is a matter of deduction, of forming and
refining hypotheses. For example, the site
"bitbucket@ee.und.ac.za" is advertised on the Net as a
place to send "NSA food" to...mail sent to it gets
discarded. So, a great place to send cover traffic to, no?
No, as the NSA will mark this site for what it is and its
usefulness is blown. (Unless its usefulness is actually
something else, in which case the recursive descent has
begun.)
- Bohdan Tashchuk suggests [1994-07-04] using telephone-like
numbers, mixed in with words, to better fit with human
memorization habits; he notes that 30 or more bits of
entropy are routinely memorized this way.
5.9.6. "How can I remember long passwords or passphrases?"
- Lots of security articles have tips on picking hard-to-
guess (high entropy) passwords and passphrases.
+ Just do it.
- People can learn to memorize long sequences. I'm not good
at this, but others apparently are. Still, it seems
dangerous, in terms of forgetting. (And writing down a
passphrase may be vastly more risky than a shorter but
more easily memorized passphrase is. I think theft
of keys and keystroke capturing on compromised machines
are much more important practical weaknesses.)
+ The first letters of long phrases that have meaning only to
the owner.
- e.g., "When I was ten I ate the whole thing."--->
"wiwtiatwt" (Purists will quibble that prepositional
phrases like "when i was" have lower entropy. True, but
better than "Joshua.")
+ Visual systems
- Another approach to getting enough entropy in
passwords/phrases is a "visual key" where one mouses from
position to position in a visual environment. That is,
one is presented with a scene containing some number of
nodes, perhaps representing familiar objects from one's
own home, and a path is chosen. The advantage is that
most people can remember fairly complicated
(read: high entropy) "stories." Each object triggers a
memory of the next object to visit. (Example: door to
kitchen to blender to refrigerator to ..... ) This is the
visual memory system said to be favored by Greek epic
poets. This also gets around the keyboard-monitoring
trick (but not necessarily the CRT-reading trick, of
course).
It might be an interesting hack to offer this as a front
end for PGP. Even a simple grid of characters which could
be moused on could be an assist in using long
passphrases.
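The entropy arithmetic behind 5.9.5 and 5.9.6 is worth carrying through once. This is an added example, not code from the original FAQ: it models the attacker's search space as a product of independent choices (so bits add), and applies that to the schemes the text mentions: permuting the words of a popular song, Tashchuk's phone-number-plus-word idea, the first-letters acronym "wiwtiatwt", and the question of how many random words are needed to reach 100 bits. The list sizes (1000 songs, a 10,000-word dictionary, a 7776-word list) are assumptions chosen for illustration.

```python
import math


def choice_bits(options):
    """Entropy of one uniformly random pick among `options` equally likely values."""
    if options < 1:
        raise ValueError("need at least one option")
    return math.log2(options)


def composite_bits(*option_counts):
    """Bits of a secret built from independent choices.  The attacker's search
    space is the product of the counts, so the bits simply add."""
    return sum(choice_bits(n) for n in option_counts)


def permuted_song_bits(popular_songs, words_reordered):
    """'Permute the words of a popular song': the attacker enumerates a list
    of songs and every ordering of the chosen words, so reordering adds only
    log2(n!) bits on top of the song choice."""
    return composite_bits(popular_songs, math.factorial(words_reordered))


def phone_and_word_bits(digits, wordlist_size):
    """Tashchuk's suggestion: a telephone-like number mixed with one word."""
    return composite_bits(10 ** digits, wordlist_size)


def initials_upper_bound_bits(acronym):
    """Upper bound for a first-letters passphrase such as 'wiwtiatwt'.  An
    attacker who knows the scheme needs at most 26**len(acronym) trials; the
    real figure is lower because word-initial letters are far from uniform."""
    return composite_bits(*([26] * len(acronym)))


def words_needed(target_bits, wordlist_size):
    """Words drawn uniformly at random from a list to reach `target_bits`."""
    return math.ceil(target_bits / choice_bits(wordlist_size))


if __name__ == "__main__":
    print(f"1000 songs, 4 words reordered: {permuted_song_bits(1000, 4):.1f} bits")
    print(f"7-digit number + word from 10k list: {phone_and_word_bits(7, 10000):.1f} bits")
    print(f"'wiwtiatwt' at most: {initials_upper_bound_bits('wiwtiatwt'):.1f} bits")
    print(f"words from a 7776-word list for 100 bits: {words_needed(100, 7776)}")
```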
By Tim May, see README
HTML by Jonathan Rochkind