Break-Open One-Shot Password Stores

Peter Fairbrother zenadsl6186 at zen.co.uk
Mon Feb 27 13:22:57 GMT 2012


Paul Barnfather wrote:
> On 27 February 2012 07:42, Ian Batten <igb at batten.eu.org> wrote:

>> Fictional films of nuclear missile launch processes show passwords
>> and other key material stored in plastic enclosures which are
>> broken in order to obtain the secret.  The idea presumably is that
>> you can check that the key material has not been accessed without
>> exposing it.  Whether it's true or not, it's a neat way to deal
>> with "break glass" processes for storing the root password to
>> servers, the back-stop copy of your lastpass password for your
>> executor or enduring power of attorney, etc.
> 
>> Has anyone seen such devices for sale?
> 
> How about the way banks issue PIN codes for ATM and credit cards?
> They come in the form of a printed letter with a neat little plastic 
> tear-off tab which makes it very clear if the PIN has been read by 
> someone else. They seem to be a cheap and effective way of storing
> and communicating a "read once" password.
> 
> I assume they are fairly resistant to casual tampering.


They probably are fairly resistant - if the recipients know what to
expect the untampered item to look like. Otherwise it's fairly easy to 
pass off an opened item as being unopened.

US Presidential missile control code cards in movies have a similar 
problem, in that the unopened card has to be unforgeable.

(Of course they also had a bigger problem - for much of their history 
the hardware PALs in the missiles and bombs the codes in the card were 
supposed to unlock were all actually set to code 00000000, the military 
not trusting politicians, and in real terms launch control was actually 
under human voice orders.

The codes themselves, and even the electronics in the "football", were 
almost totally irrelevant, their only real function was to make the 
President feel in control ... though there were some papers in the 
"football" about attack options etc.)

-- Peter Fairbrother


