On Aug 2, 2010, at 2:30 AM, Peter Gutmann wrote:

Jerry Leichter <[email protected]> writes:

One could certainly screw up the design of a recovery system, but one
would have to try.  There really ought not be that much of a difference
between recovering from m pieces and recovering from one.

There's a *huge* difference, see my previous posting on this the last time the
topic came up,
http://www.mail-archive.com/[email protected]/msg07671.html:

the cognitive load imposed is just so high that most users can't cope with it, particularly since they're already walking on eggshells because they're working on hardware designed to fail closed (i.e. lock everything out) if you as much as look at it funny....

Well ... we do have a history of producing horrible interfaces.

Here's how I would do it: Key segments are stored on USB sticks. There's a spot on the device with m USB slots, two buttons, and red and green LEDs. You put your "USB keys" into the slots and push the first button. If the red LED lights - you don't have enough sticks, or they aren't valid. If the green LED lights, you have a valid key. If the green LED lights, you push the second button (which is otherwise disabled), and the device loads your key. (The device could also create the USB sticks initially by having a "save key" setting - probably controlled by a key lock. "Voting out" and replacing a segment requires a bit more, but could be designed along similar lines.)

You can use some kind of secure USB stick if you like. The content of a USB stick is standard - there has to be a file with a known name and some simple format, so it's easy to re-create a USB stick from a paper copy of the key.

Since specialized hardware is expensive, you can approximate this process with software (assuming you get a competent designer). You can get by with only one USB slot, but given the tiny cost of USB hubs - I can buy a complete 10-port USB hub, power adapter included, shipped free, for less than $16 at mertiline.com, for example (and that's gross overkill) - it's probably worth it to give users a nice physical "feel" of inserting multiple keys into multiple locks.

I just don't see the great cognitive load involved, if the problem is presented properly.
                                                        -- Jerry
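
A software approximation of the two-button flow described in the message above, as an added example that is not part of the original post. It assumes Shamir secret sharing over a prime field, a one-line `k:x:y:check` stick-file format, and a truncated SHA-256 key check value to decide red or green; the message specifies none of these, and all function names are hypothetical.

```python
import hashlib
import secrets

P = 2**521 - 1  # prime modulus, comfortably larger than a 256-bit key

def tag(key: bytes) -> str:
    return hashlib.sha256(key).hexdigest()[:16]  # assumed key check value

def split(key: bytes, k: int, n: int) -> list[str]:
    """'Save key': n stick files, any k of which recover the key."""
    coeffs = [int.from_bytes(key, "big")] + [secrets.randbelow(P) for _ in range(k - 1)]
    f = lambda x: sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P
    return [f"{k}:{x}:{f(x):x}:{tag(key)}" for x in range(1, n + 1)]

def parse(line: str):
    """Parse one stick file; None if it is not a well-formed share."""
    try:
        k, x, y, check = line.strip().split(":")
        k, x, y = int(k), int(x), int(y, 16)
    except ValueError:
        return None
    return (k, x, y, check) if k >= 1 and 0 < x < P and 0 <= y < P else None

def check_sticks(lines: list[str], key_len: int = 32):
    """First button: ('green', key) if the inserted sticks yield a valid key,
    else ('red', None). The second button would load the returned key."""
    shares = {}
    for s in filter(None, map(parse, lines)):
        shares.setdefault(s[1], s)            # same stick twice counts once
    vals = list(shares.values())
    if not vals:
        return "red", None
    k, check = vals[0][0], vals[0][3]
    if len(vals) < k or any(v[0] != k or v[3] != check for v in vals):
        return "red", None                    # too few sticks, or mixed sets
    pts = [(v[1], v[2]) for v in vals[:k]]
    secret = 0                                # Lagrange interpolation at x = 0
    for i, (xi, yi) in enumerate(pts):
        num = den = 1
        for j, (xj, _) in enumerate(pts):
            if i != j:
                num, den = num * -xj % P, den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    if secret >> (8 * key_len):
        return "red", None                    # out of range: a share is corrupt
    key = secret.to_bytes(key_len, "big")
    return ("green", key) if tag(key) == check else ("red", None)
```

The check value only makes sense for a high-entropy random key, since every stick carries it; a corrupted or mistyped share produces a different interpolated value and therefore a red result rather than a wrong key being loaded.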


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [email protected]