One of the usual arguments for key escrow was always "what if your employee dies and you can't get his data?" Secret Sharing techniques are of course a better approach, or at least storing sealed envelopes in company safes as a much better approach than pre-broken crypto. There've been a couple of stories in the press recently where weak passwords also solved the problem.
One was a radio piece, I think NPR, about one of the companies in the World Trade Center who'd lost their computer administrators in the 9/11 attacks. The remaining employees got together and started telling stories about their co-workers - their interests, their family members, where they'd gone on vacation, their dogs' names, etc. They got most of the passwords. (It was a piece about modern management styles, and how in older hierarchical companies there'd be fewer people who knew the new employees well enough to do that.) The other was about the loss of the database of the personal library collection of one of the main linguists studying one of the two main Norwegian dialects. It's now been cracked... RISKS-FORUM Digest 22.13 http://catless.ncl.ac.uk/Risks/22.13.html Date: Tue, 11 Jun 2002 11:37:02 -0400 From: Lillie Coney <[EMAIL PROTECTED]> Subject: Norwegian history database password lost and retrieved After the password for accessing a Norwegian history museum's database catalog for 11,000 books and manuscripts had been lost when the database's steward died, the museum established a competition to recover it. Joachim Eriksson, a Swedish game company programmer, won the race to discover the password (ladepujd, the reverse of the name of the researcher who had created the database). How he arrived at it was not disclosed. [Source: Long-lost password discovered: Norwegian history database cracked with help from the Web, By Robert Lemos, MSNBC, 11 Jun 2002; PGN-ed] Lillie Coney, Public Policy Coordinator, U.S. Association for Computing Machinery Suite 510 2120 L Street, NW Washington, D.C. 20037 1-202-478-6124
