Not strictly crypto, but a key issue
Nicholas Bohm
nbohm at ernest.net
Fri, 30 Mar 2001 17:20:25 +0100
At 16:03 30/03/2001 +0100, Donald ramsbottom wrote:
>
>Snips,
>
>>
>>So what are good strategies for managing large numbers of uid/passwd
>>pairs together with bucket loads of PINs?
>>
>
>Well, liking military history, I choose battle dates, so for example if the
>PIN was 18051815, I remember Trafalgar and Waterloo (no I do not use those
>two, I'm much more obscure). It works with anything which has numbers in
>it, whether it be kinds of cars, computer parts, or ISBN numbers and has
>the added security of being a personal quirk.
>
>I used to have them written down in a couple of pages of handwritten
>basic, but the above method needs no writing and for each individual is
>something they are likely to remember.
This once led to a problem when dyslexic former neighbours went on holiday
giving me their burglar alarm code (for cat feeding purposes) as the date
of the Armada. By experiment I was able to find the number, which
fortunately coincided with the phylloxera outbreak in France in the 19th
century.

But the problem more generally is that each PIN or password must logically
be known to the intended recipient. With many recipients, either several
learn a PIN usable for several others, or I have to have an awkward number
of different acronyms to manage. Remembering all my mother's different
maiden names gets tricky too.

Nor do I care for biometrics. These translate a physical characteristic
into a number, after all, and it is unattractive to have lots of different
people storing my iris/fingerprint/DNA numbers, since by that very process
they become usable in increasing numbers of systems by replay (and are at
best very inconvenient to revoke, or impossible).

A seriously secure pocket-sized signing/encrypting device (internal key
generation, no key export, screen, easy self-destruct) actuated by a
biometric might begin to feel safe. But nothing like this seems close to
available, and it would need a lot of subsidy (like mobile phones) to
spread widely.

Regards
Nicholas
Salkyns, Great Canfield,
Takeley, Bishop's Stortford CM22 6SX, UK
Phone 01279 871272 (+44 1279 871272)
Fax 01279 870215 (+44 1279 870215)
Mobile 07715 419728 (+44 7715 419728)
PGP RSA 1024 bit public key ID: 0x08340015. Fingerprint:
9E 15 FB 2A 54 96 24 37 98 A2 E0 D1 34 13 48 07
PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF. Fingerprint:
5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF