Skip to content

Key Management Issues – how long do I need to save the key?

What’s tough for Privly (and all encryption schemes) is key management.  I had a long talk with a friend of mine last week and this was one of the issues we discussed at length.

See the big problem is when I encrypt something I need to use a key to secure it.  Then, I need a key to unlock it later.  And if I want to share data (like Privly is intended for), I need to be able to make sure my friends have a key to open the posts they are supposed to access.  So far, this doesn’t seem too bad, but here’s where it gets tricky…

How long do I want to save my data for?  If it’s just for a single session, I don’t have to worry about key preservation.  I still need to make sure I have some way of getting a secure key from me to whomever I am communicating with, but that’s very manageable in a case like this.  So, a Skype call needs a password for the length of the call.  After that, the password can safely be discarded, never to be used / needed again.  The same thing applies for an HTTPS session.  It only needs to last while i’m communicating to that server.

BUT – what if I’m encrypting pictures / videos of my kids.  I want to save that for a long, long time.  In addition to normal data failure (dead hard drive, accidental delete, lack of format support, etc.) I now need to add all the possible encryption failures – corruption, and for our purposes here – loss of key.  Do you still remember your high school locker combination?  What if you used unbreakable encryption on family memories and then forgot the password and couldn’t recover them?  Heartbreaking.  If you encrypt your computer files today – will you remember your keys 30 years from now?

The thought for now is that Privly will target more transient data – facebook status posts, twitter messages and similar things that you may not care if they are preserved for the long term or not.  So maybe key retention isn’t a big issue, or maybe it is.  Perhaps longer retention items just won’t be part of the Privly target market.

Interesting questions that I need to give more thought to.


Another take on Why Privly.

Why aren’t people demanding that all their electronic communications be encrypted? 

Mostly, I believe it’s because they have an illusion of privacy and until something happens that startles them and forces them to confront the lack of privacy they really have, they will continue to believe in the illusion.  Also, privacy, while not hard, does take some work, so unless you are really concerned about it, most folks just don’t bother.

And I’m like that too.  I don’t bother with encryption much these days – I played with PGP in the early 90’s, but these days it seems too hard and just not worth it.  That’s part of why I got interested in the Privly project – its goal is to make it easy to share privately.

You have a right to your privacy.  When you go to the bathroom, do you shut the door?  Everyone goes to the bathroom, there’s nothing unique about you.  Why do you prefer to be alone?  It’s part of our culture – it’s one of our activities that we generally expect to do privately.  Are there exceptions, sure but as a general rule we consider that a private moment.

You have a right to your privacy.  When you talk with your husband or wife in your house, you expect the conversation to be private.  You don’t expect hidden cameras or microphones spying on you.  Well, at least here in the United States we don’t.  Perhaps there are other places where you don’t expect privacy in your own house.

There are many many situations in the physical world where we have an expectation of privacy and generally those expectations are met.  In the online world, it’s a bit different.

Online, it feels like you are doing private things, because you sit in your home, or your office or whereever you might be and no one else is looking at your screen.  But all your communications go through wires (or wireless) to your internet connection and whomever owns (or can access legally or not) that router can see your packets going through.  Your ISP can see everything.  The upstream folks who interconnect between the ISPs can see the data.  Now realistically, many folks who are capable of the spying don’t bother looking, but the point is they don’t have to avert their eyes.  If they want to look they can.  And in addition to random individuals with access, sometimes the companies themselves may have an interest in montiroing you.  Or perhaps government agencies.

My concern isn’t that during a criminal investigation that with proper procedures followed that authorized law enforcement officers will search your materials.

My concern is that if we don’t do something, the lack of general privacy and the low expectation of privacy and teh understanding of how little privacy protection we operate under will be the norm – and spying / monitoring us will be considered normal.

When was the last time you read 1984?  Perhaps it’s time to read it again.

Benefits of helping out on the team

One of the nice benefits of volunteering for the team – even before we are ready for an Alpha test – I got access to the latest development code and got a chance to play with it.  Nice…

So far so good – I got the latest code downloaded and tried it in FireFox.  I’ll experiment more tomorrow and update on how it goes then.

The weekly IRC chats have begun

Now that I’m back and working on this again, it was perfect timing – the project team started  a weekly IRC chat.

The developers are coding away, the web site is up and stable (team members are entering their info into the People pages).

It’s off to the races.

Now I only wonder where the finish line is, or perhaps even where is the first turn.  There is a huge amount of work to be done, and no overall schedule.  Well I got that put on the agenda for next week.

Catching up

I’ve been buried with family issues the last couple weeks and am just getting caught back up now.   Expect some more updates later today…

Encrypting Emails (not w/ – Part 2

I posted earlier that a customer had asked me to encrypt emails related to our project together to help protect their confidential information.  After some setup challenges, things were working OK.  But as part of my research trying to get this working, I realized there were some significant challenges to the ‘security’ we had put in place.

The first concern I ran into is the weakness of the encryption algorithm (Triple-DES) which is a reasonably good algorithm, but reading articles on the web, folks are discussing some weaknesses in it.   From my reading, it’s OK for short term communication (if the encryption is broken months to years later no damage is done), but for really sensitive items where future increases in computer power / algorithms might break it years later, it could be a concern.  A security professional I spoke to mentioned it had been broken and really shouldn’t be used at all.  For general public use it might be OK, but if you have something worth going after – you shouldn’t even consider it.  His recommendation – AES.

The second concern I ran into was the potential for a Man in the Middle (MITM) attack .  Basically the question is how do I know that the key exchange I did with the customer really was with the customer, and not someone intercepting my traffic and then reencrypting / signing with his key.  For my case, it seems very unlikely, but it is something to consider as an attack of this type absolutely invalidates all I’m doing to protect the data in transit.  The approach is to compare the thumbprint’s of  our certificates.   That is planned for my next on site meeting.

Encrypting Emails (not w/

I apologize in advance – this blog is supposed to be focused on privacy on social media with, but perhaps it should expand a bit…  If you are interested only in – feel free to skip this one, or you may wnat to read, you may find it interesting anyway.

Today I had a customer request that I use encrypted emails for sending them confidential information.   This seemed like a reasonable request and given my interest in supporting privacy I thought this would be a great opportunity to practice what I preach.  I work for a large computer company and we have a large generally very good IT support staff, so I thought this would be easy…

Wow, what a pain in the neck.

First, I had to create a digital cerificate.  This was cool – I expected to need to do this.   I went ahead and did it – in my default browser – Firefox.  I then spent an hour or so trying to get Outlook 2007 to import / use the certificate I created, with no luck.  I gave up doing it myself and called our support organization.  They were as usual very helpful, but this was evidently not a typical request for them.  They finally figured out that on WinXP, the only supported way to create the certificate and get it into Outlook is to use IE 6 or IE7.  Care to guess what version I’m running – Yup you got it. I run IE 8 on the work laptop.

So the support person had to uninstall IE 8, install the certificate with IE6,  then reinstall IE8.  Then we started in Outlook to try it out.  At first it seemed to work.  I was able to send a digitally signed email to the customer, then an encrypted one and I thought we were OK.  Then I started asking questions about how do I know it is encrypted.  It really isn’t so obvious.

Of course, the initial certificate I created was already sent to the customer, so I have gotten some occasional emails from him that I can’t open – since they were encrypted to the wrong key.

It’s working now, and with Outlook, after setup,  isn’t too hard to do on a regular basis.  All my emails to/from this customer are now encrypted.

%d bloggers like this: