[PLUG] An alternate worst case data encryption recovery suggestion

Sean Harbour sean at harbours.us
Fri Jun 3 05:48:15 UTC 2005


On Sat, 28 May 2005 10:10:02 -0700
Keith Lofstrom <keithl at kl-ic.com> wrote:

> It might be helpful to set up some sort of "information escrow"
> mechanism for PLUG members. 

Your proposed method of requiring a majority of trusted key holders cooperate to recover an individuals private data is a good suggestion, but would require significant planning and coordination among the involved parties. It could possibly be more hassle than the average code warrior would want to deal with.

As a different alternative, I remember seeing an article a few years ago describing some sort of time based expiration of encryption keys. I can't find it on google, of course, but from memory the gist was a trusted source would distribute a set of encryption keys that were time stamped. You would separately encrypt the information with the dated key for when you would want that info available in case of loss of your private key due to death, imprisonment, whatever. At regular intervals, the trusted source would publish the decryption keys as each date occurred.

It would most likely be implemented in a similiar fashion to current SSL keys authentication, that is, everyone would have to agree on a trusted organization to house the master keys and distribute updates. And there would be a mechanism in place to automatically check for the latest decryption keys.

If it worked as planned, you could regularly make a backup of your information and encrypt it with a public date key. Every month or year, delete the old backup and re-encrypt. In a worst case scenario, whoever has access to your physical storage will be able to decrypt it at some pre-determined date in the future, but no sooner. The downside is that you would have to keep strict control of any such encrypted data. Any copies outside your control would be wide open after the specified date. It would make a great way to publish whistleblower letters to the public domain, however.

The author of the article was also touting the possibility of integrating the system with the electronic banking system, bringing up the possibility of writing post-dated electronic money transfers, if you will. Interesting idea, and I'll bet there is some startup company working on it right now.

Does anybody have a link to the original article or, better yet, a working example?

Thanks,

Sean Harbour



More information about the PLUG mailing list