Key safety vs Backup : History of a bad day (key-restoration problem)

[Robert J. Hansen]

Atom Smasher wrote:
> in theory, if you're *really* using a strong pass-phrase, you can
> publish your private key in a public place and rest secure in the
> knowledge that no known technology can break your 100+ character
> pass-phrase... and if a hard drive or several go up in smoke you can
> recover a copy from google's cache ;)

This is true in practice, too, as long as some caveats are met.

> one thing i've thought about is using a one-time-pad to break a
> private key into 2 (or more) shares. then send (using secure
> channels) each share to one or more trusted persons who don't know
> each other. maybe put one of the shares in a bank safe. if all of
> your hard drives explode on the same day you can collect the shares
> and reconstruct your key.

Ack!  Ack!  One time pads!  Ack!

I really, really wish the Vernam cipher was either lesser known or
better known.  If it was lesser known, fewer people would advise ever
using it.  If it was better known, more people would understand its
phenomenal shortcomings.

Point blank: unless you can spend a lot of money on training and
infrastructure, you are almost always better off using conventional
crypto.  The Vernam cipher is /expensive/ to use properly, precisely
because it is so unforgiving of any kind of failing.

The secret sharing idea isn't a bad one, but using the Vernam cipher to
do it is a very bad idea.  The Shamir Secret-Sharing Protocol works
much, much better for this purpose.