Backup of Keys

[Mark]

If someone does not want to remember a passphrase then it goes to
something they have. Either some sort of key digital or "analog" or
biometric.   Granted changing that is more limited but some get
creative, 10 fingers and 10 toes to choose from.

I don't think there is any perfect system.  Passwords are easy to change
but also easy to forget. Biometrics are hard to "lose" but also hard to
change.

On 5/25/2020 12:36 AM, Peter Lebbing wrote:
> On 24/05/2020 21:39, Mark wrote:
>> I know there are other options maybe even some that use
>> biometrics to decrypt the database.
> I am very wary of biometrics for authentication purposes. There are so
> many examples where the vendor assured us it was working really well,
> and researchers easily cracked the system by using a photo, or
> photocopied fingerprints they lifted off a glass or even more funny from
> the fingerprint reader itself.
>
> That's for authentication, where only non-reproducability is vital. For
> encryption, it's much worse, because you need a lot of entropy for that
> to ward off offline attacks. And biometrics just doesn't have that much
> entropy.
>
> And both share that there is no recovery from compromise. If somebody
> learns your passphrase, you change it, tracking down all backups and
> changing them as well. That might be a little painful.
>
> If somebody manages to copy your biometrics, you can't change them. You
> could erase your fingerprints by taking a job processing pineapples on a
> daily basis. And you could get plastic surgery for your face, but that
> really puts the painful in "it's so painful to change your passphrase
> everywhere"...
>
> HTH,
>
> Peter.
>