My biggest challenge as I’m getting older is remembering my long secret key.
Even with a password manager that requires me to remember only a few passphrases (personal and work being two), there is a non zero chance now that a fall and a concussion would lock me out of my password manager.
Anyone else have a solution or a suggestion for this problem?
Wear a helmet and hip pads, but failing that split the password in half (as in literally the first half and the second half, don't try to get fancy with crypto) and give the halves to two people unlikely to collude. Your computer will no longer have 5th amendment protection, though.
Yes. Place the secrets in a secured (symmetric encrypted) document. Then print the password for that document and hand it to a loved one, trusted family member/friend, or lawyer.
Shamir's secret sharing with 3 separate lawyers is kind of hard to beat if you have cryptocurrency or other similar assets that absolutely need a password to recover it, and it is a relatively easy algorithm to run. Give them the same instruction sheet on how to run the algorithm, plus a different second page with their fragment of the key.
Most of the time, though, the "call us" approach actually works, and you can give your relatives power of attorney to handle this.
I was talking about a point discussed in the article. There is an attack on OTP because the attacker can change the message if there is no hash-like authentication of the message's correctness. I asked if there was a pen-and-paper way to authenticate an OTP message.
What about reducing our usage of the Internet and using local resources instead? Personally I have local mirrors of various code repositories, and thousands of ebooks. If you want to nearly eliminate all surveillance, then you can air-gap your computer?
So we shift back from the collective (networked) systems to a more individualistic local information store? We already have local AI models, which is a step in the right direction.
Pricing and access depends on your membership or subscriptions with ACM.
Purchase this Article
Purchase this Article:
Protecting Secrets from Computers
Terence Kelly
Purchase Article
Purchase Article
Non Member$15.00
ACM Professional Member$10.00
ACM Student Member$5.00
Already an acm Member? Sign In or become a member
deepdyve logo
Available at DeepDyve
The Largest Online Rental Service for Scholarly Research
Price: $0.00 *
I.A. or similar link kindly requested please. TYIA
27 comments
[ 2.0 ms ] story [ 68.3 ms ] threadInstead, the claim here is that you cannot trust crypto that you didn't roll yourself. Indeed, maybe you should compute it by hand!
Ha! I love having my beliefs challenged.
Completely impractical but very fun.
As we continually have told to and is pushed upon us by IT - this is the most secure system to have.
The one that no one can use.
You can use private keys like that, but people are not expected to remember them.
Even with a password manager that requires me to remember only a few passphrases (personal and work being two), there is a non zero chance now that a fall and a concussion would lock me out of my password manager.
Anyone else have a solution or a suggestion for this problem?
https://en.wikipedia.org/wiki/Shamir%27s_secret_sharing
This is maybe not the most secure way to do it, but this is good enough for our threat model.
These are offline password managers.
Remember poe : what's hidden in plain sight is never found (and nobody is looking anyway)
Most of the time, though, the "call us" approach actually works, and you can give your relatives power of attorney to handle this.
https://manpages.debian.org/buster/libpam-otpw/pam_otpw.8.en...
So we shift back from the collective (networked) systems to a more individualistic local information store? We already have local AI models, which is a step in the right direction.
Pricing and access depends on your membership or subscriptions with ACM. Purchase this Article Purchase this Article: Protecting Secrets from Computers Terence Kelly
deepdyve logo Available at DeepDyveThe Largest Online Rental Service for Scholarly Research
Price: $0.00 *
I.A. or similar link kindly requested please. TYIA
https://queue.acm.org/detail.cfm?id=3623614&doi=10.1145%2F36...