[Semi-OT] Retrieving those old passphrases (was Re: Query on adding a USB hdd)

To: debian-user@lists.debian.org
Subject: [Semi-OT] Retrieving those old passphrases (was Re: Query on adding a USB hdd)
From: Ron Johnson <ron.l.johnson@cox.net>
Date: Thu, 24 May 2007 03:11:27 -0500
Message-id: <[🔎] 465548AF.4030909@cox.net>
In-reply-to: <[🔎] 20070524095036.a632306b.dunno@stoptrick.com>
References: <[🔎] 46547C28.9050001@dsl.pipex.com> <[🔎] 465486BF.2060709@sbcglobal.net> <[🔎] 46549491.9000003@physik.blm.tu-muenchen.de> <[🔎] 4654AFAD.1070400@sbcglobal.net> <[🔎] 4654B9B8.6030905@cox.net> <[🔎] 1179958356.7680.2.camel@princess.gregfolkert.net> <[🔎] 20070523234655.GA15503@titan> <[🔎] 4654D6C3.1090807@cox.net> <[🔎] 20070524011750.GA16192@titan> <[🔎] 20070524095036.a632306b.dunno@stoptrick.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/24/07 02:50, Dan H wrote:
[snip]
> 
> One more problem I would have had is that I might have forgotten my old
> passphrase. Fortunately I've been using one and the same passphrase for
> over 10 years now, which in itself isn't so good, so I could
> finally decrypt all my data, re-encrypt it with GPG and commit it to my
> current backup scheme (7).

That's the REALLY big issue, especially for organizations.  There
needs to be a key escrow process so that 8 years later when the
person who did the encrypting is long gone, the data can still be
retrieved.

My idea is to:
1. print the passphrase plus relevant info,
2. put it in an envelope well-marked with such vitals as key
   bit length and cypher used) and seal it,
3. sign your name and timestamp across the edge of the seal,
   so that it will be obvious if someone opens it and reseals
   it,
4. put packing tape all around it,
5. send it to Iron Mountain or a bank deposit box.

Then impress upon Important People that this is Important Stuff that
needs fiduciary care.

- --
Ron Johnson, Jr.
Jefferson LA  USA

Give a man a fish, and he eats for a day.
Hit him with a fish, and he goes away for good!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGVUivS9HxQb37XmcRAtZ7AJ99+l5tUED5zvD1ftzHrFOzP6JojgCeJGpb
yF1Jg5ipZRGp4T+UAmjuaME=
=7aSq
-----END PGP SIGNATURE-----

Reply to:

References:
- Query on adding a USB hdd
  - From: andy <geek_show@dsl.pipex.com>
- Re: Query on adding a USB hdd
  - From: Mike McCarty <Mike.McCarty@sbcglobal.net>
- Re: Query on adding a USB hdd
  - From: Johannes Wiedersich <johannes@physik.blm.tu-muenchen.de>
- Re: Query on adding a USB hdd
  - From: Mike McCarty <Mike.McCarty@sbcglobal.net>
- Re: Query on adding a USB hdd
  - From: Ron Johnson <ron.l.johnson@cox.net>
- Re: Query on adding a USB hdd
  - From: Greg Folkert <greg@gregfolkert.net>
- Re: Query on adding a USB hdd
  - From: Douglas Allan Tutty <dtutty@porchlight.ca>
- Re: Query on adding a USB hdd
  - From: Ron Johnson <ron.l.johnson@cox.net>
- Re: Query on adding a USB hdd
  - From: Douglas Allan Tutty <dtutty@porchlight.ca>
- Re: Query on adding a USB hdd
  - From: Dan H <dunno@stoptrick.com>

Prev by Date: Re: Query on adding a USB hdd
Next by Date: Re: heimdal kerberos on debian?
Previous by thread: Re: Query on adding a USB hdd
Next by thread: Re: Query on adding a USB hdd
Index(es):
- Date
- Thread