|
List Info Thread: encrypting files with lots of different keys
[1]
|
||||||||||||
|
about | contact Other archives ( Real Estate discussion Medical topics ) |
||||||||||||
encrypting files with lots of different keys |
|
List Info Thread: encrypting files with lots of different keys
[1]
|
||||||||||||
|
about | contact Other archives ( Real Estate discussion Medical topics ) |
||||||||||||
aei.mpg.de> writes:
> A further point: Do you really want the granularity of
your encryption
> to be "one key per disk"? I much prefer a
cryptographic file system
> which lets me have separate keys for separate
categories of information
> (eg one key for my tax forms, a different key for
company-confidential
> project stuff, a different key for old love letters,
still another one
> for My Secret Plan For World Domination, etc etc).
These might all
> live on the same laptop, but they probably need quite
different key
> policies.
I think that usability would make any such scheme outright
impractical. People can't keep track of one key -- keeping
track of a
dozen would be rather difficult. Perhaps there are marginal
benefits
to being able to use different policies for different parts
of the
system, but it seems to me that the problems would far
outweigh any
benefits. This is doubly true in a single user environment
where there
is no issue with different subsets of users needing to see
different
subsets of the data.
It is far simpler to simply use whatever key refreshment
policy makes
sense for the most secure information on the file system and
to use
one key. A system that is actually used beats a
"better" system that
is never used every time.
Perry
------------------------------------------------------------
---------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography"
to majordomo