Re: [SAGE] Long lived, cheap data storage (securely)

[Richard Chycoski <rskiadmin@chycoski.com>]

You don't want to use a readable book as your key. It isn't hard to decrypt 
such a file, since human languages have very well known patterns. Once 
someone decodes a small mount of the data using the patterns, it would not 
be difficult to discern the rest of the book.

If you use a source of truly random data, however (say, a DVD full), and use 
it only once, (and remember to keep the copies of the key in a safe place, 
away from the encrypted data) it's going to be very difficult to break (at 
least with current technology - I make no promises about 100 years from now!).

(This is the advice that I've been given from people who have worked at some 
of those three-letter government agencies - add salt to your taste. :-)

- Richard



Philip Brown wrote:
> Old thread, but thought I'd chime in a little...
> 
> 
> 
> On Sun, Oct 07, 2007 at 04:59:27PM -0400, Mark R. Lindsey wrote:
>> But risks in this plan:
>>
>> -> How long would GnuPG encryption last me? After all, single-DES was  
>> considered useful once. What's the expected lifespan of readily- 
>> available encryption software?
> 
> I think that no "public key" style encryption, is going to be secure for
> more than 20 years, let alone 100.
> (10, even?)
> 
> Anything that is reliant on math, to puzzle out a mathematical solution to
> something.. will eventually be breakable.
> 
> I hear that one of the best solutions for encryption, for data of limited
> length, is to pick a book, and then use the text as a cypher key.
> Letter-for-letter cycling of keys, so to speak.
> First byte of data, gets "encrypted" by first letter of book.
> Second byte of data, gets "encrypted" by second letter of book. etc.
> 
> The problem with that, is that I dont know the ramification of what happens
> when you have so much data, you have to keep recycling the book over it.