A very secure crypto container

In my thoughts of keeping data save… I had the next idea…

What is actually the idea… we split the key (passphrase) into 3 parts:

  • Passphrase in the brain of the user
  • Passphrase on a USB-stick (random generated data)
  • Passphrase on a HTTPS-server which requires a certificate on the client to allow access to the part of the key (random generated data)

The benefits are:

  • They need to torture you to get the passphrase part out of your brain
  • They need the fysical USB-Stick… (you can hide it in i.e. a vault)
  • You can track the opening of the crypto container by monitoring the HTTPS-server
  • you can block the opening of the crypto-container by removing the passphrase on the HTTPS-server
  • You can block the opening of the crypto-container by deny access to the client-SSL-cert

So there are a lot of benefits… but there are also a few disadvantages:

  • Losing one of the parts of the passphrase… the crypto container will stay close
  • You need to be online (on the Internet) for opening the crypto-container, because of the HTTPS-passphrase

But on the other hand… it is a really heavy security solution…

It is not operational yet… but… if I have the proof-of-concept ready… you will read it here…