A method for storing private keys offline
May 21st, 2012 Posted in security, technology, work | 7 Comments »
One of the issues with Public Key Infrastructure (PKI) has always been a way to safely store and backup the private keys. Most of the time this is done by using a keydatabase for storing the keys or even an HSM in larger organizations. And the only backup solution I encountered so far was burning the key to a CD-R or storing it on an USB stick and putting them in a (physical) vault, controlled by the Security Office.
I have a smarter idea for offline backups!

At the IBM conference in Berlin I realized that I have been preaching some ideas about (internet) security for a while. The gist of this idea is that security in the ‘world of computers’ (also referenced as the internet, on-line or -nowadays- clouds) is not all about technical solutions. In fact the most important component are not the technical implementations. Besides, these are pretty easy, although most people try to hide that.
You probably hate all your passwords, just like me. I have tons of them and I use tools like 1Password and KeePass to store them relatively safe with a masterpassword. I also have a few strong passwords I reuse a little too often; like anybody does. However, I also have some smart passwords which are unique and easy to remember. Especially for websites. Without telling my exact method, I can tell you my formula to easy to remember unique passwords.

