Break-Open One-Shot Password Stores
David Biggins
David_Biggins at usermgmt.com
Mon Feb 27 09:59:03 GMT 2012
Hi Ian
Don't know whether they would fit the bill or not, but Postsafe
claim to do tamper-evident uniquely numbered security envelopes.
http://www.google.co.uk/products/catalog?hl=en&q=security+envelopes&cid=
6771560181040730997&ei=JlJLT8TtO8-E5AbP9YTUDw&ved=0CBUQrRI#
I wouldn't however try going to a postsafe com website to try for more
details - my AV got very unhappy just now. Which assuming it is the
same company, does not totally inspire warm feelings.
D
> -----Original Message-----
> From: ukcrypto-bounces at chiark.greenend.org.uk [mailto:ukcrypto-
> bounces at chiark.greenend.org.uk] On Behalf Of Ian Batten
> Sent: 27 February 2012 7:43 AM
> To: UK Cryptography Policy Discussion Group
> Subject: Break-Open One-Shot Password Stores
>
> Fictional films of nuclear missile launch processes show passwords and
other
> key material stored in plastic enclosures which are broken in order to
obtain
> the secret. The idea presumably is that you can check that the key
material
> has not been accessed without exposing it. Whether it's true or not,
it's a
> neat way to deal with "break glass" processes for storing the root
password
> to servers, the back-stop copy of your lastpass password for your
executor or
> enduring power of attorney, etc.
>
> Has anyone seen such devices for sale? It wouldn't be hard to do it
yourself
> with a lucite box and some araldite, but it would probably require a
tool to
> break open and it's hard to be sure that the system doesn't have a
back door:
> presumably the "real" items would be very weak in one plane, so they
are
> easy to break and any force applied to attempt to open them otherwise
will
> break that weak point.
>
> ian
>
>
More information about the ukcrypto
mailing list