A very secure crypto container | Just my blog

/dev/random

A very secure crypto container

While thinking about keeping data safe… I had the following idea…

What the idea actually is… we split the key (passphrase) into 3 parts:

  • Passphrase in the brain of the user
  • Passphrase on a USB-stick (randomly generated data)
  • Passphrase on an HTTPS-server which requires a certificate on the client to allow access to the part of the key (randomly generated data)

The benefits are:

  • They need to torture you to get the passphrase part out of your brain
  • They need the physical USB-Stick… (you can hide it in e.g. a vault)
  • You can track the opening of the crypto container by monitoring the HTTPS-server
  • You can block the opening of the crypto-container by removing the passphrase on the HTTPS-server
  • You can block the opening of the crypto-container by denying access to the client-SSL-cert


So there are a lot of benefits… but there are also a few disadvantages:

  • If you lose one of the parts of the passphrase… the crypto container will stay closed
  • You need to be online (on the Internet) for opening the crypto-container, because of the HTTPS-passphrase

But on the other hand… it is a really heavy security solution…

It is not operational yet… but… if I have the proof-of-concept ready… you will read it here…
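One way the three parts could be combined into a single container key, as an added example (not the author's proof-of-concept). It assumes the USB and server parts are 32 random bytes each, that a salt is stored with the container, and that the server part has already been fetched over the client-certificate HTTPS connection; all names and the work factor are hypothetical.

```python
import hashlib
import hmac
import secrets

PART_LEN = 32            # assumed size of the USB and server parts
PBKDF2_ROUNDS = 600_000  # assumed work factor for the memorised part


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with HMAC-SHA256: extract, then expand."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_container_key(passphrase: str, usb_part: bytes,
                         server_part: bytes, salt: bytes) -> bytes:
    """Combine the brain, USB and HTTPS-server parts into one 256-bit key."""
    for name, part in (("USB", usb_part), ("server", server_part)):
        if len(part) != PART_LEN:
            raise ValueError(f"{name} part missing or wrong length")
    # Stretch the human-chosen part so guessing it is expensive.
    brain = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, PBKDF2_ROUNDS)
    # All three inputs are fixed-length, so concatenation is unambiguous.
    return hkdf_sha256(brain + usb_part + server_part, salt, b"container-key-v1")


if __name__ == "__main__":
    # Constructed sample values; real parts are generated once at setup.
    salt = secrets.token_bytes(16)
    usb, server = secrets.token_bytes(PART_LEN), secrets.token_bytes(PART_LEN)
    key = derive_container_key("correct horse battery staple", usb, server, salt)
    # Same three parts reproduce the key; a replaced server part does not.
    print(key == derive_container_key("correct horse battery staple", usb, server, salt))
    print(key == derive_container_key("correct horse battery staple", usb,
                                      secrets.token_bytes(PART_LEN), salt))
```

Because the server part is needed for every derivation, removing it from the HTTPS-server or denying the client certificate blocks opening only as long as the client never stores that part locally.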

