Safe with counter for storing secret key - PGP
-
Safe with counter for storing secret key
For storing a secret master key, I'm looking for a safe that counts the
number of times it has been opened. An alternative would be a safe that
remembers the last time it was opened. Does such a thing exist?
If not, one could store the key on two or three smart cards (one or two
as a backup) which do have counters built in and which act somewhat like
a safe themselves. However, I don't know if there is any smart card
that allows me to do PGP (with gnupg) with a 2048 bit RSA secret key.
Also, I'm worried that smart cards are really not that safe: Maybe
someone finds a hole that can be easily exploited for reading the secret
key, e.g. by someone who wants to play a (harmful) prank on me.
--
Felix E. Klee
-
Re: Safe with counter for storing secret key
"Felix E. Klee" wrote in news:87hd2cl3tm.wl%felix.klee@inka.de:
> Also, I'm worried that smart cards are really not that safe: Maybe
> someone finds a hole that can be easily exploited for reading the secret
> key, e.g. by someone who wants to play a (harmful) prank on me.
I think the big weakness of smart cards is that at least some of them can be
physically taken apart; which then gives one full access to the non-encrypted
private key - private keys are not encrypted when stored on a smart card.
See: http://tinyurl.com/bj64h
-
Re: Safe with counter for storing secret key
At Fri, 23 Jun 2006 10:37:24 GMT,
Tom McCune wrote:
> I think the big weakness of smart cards is that at least some of them
> can be physically taken apart; which then gives one full access to the
> non-encrypted private key - private keys are not encrypted when stored
> on a smart card. See: http://tinyurl.com/bj64h
Thanks for the very interesting pointer!
--
Felix E. Klee
-
Re: Safe with counter for storing secret key
At Fri, 23 Jun 2006 09:38:13 +0200,
Felix E. Klee wrote:
> For storing a secret master key, I'm looking for a safe that counts
> the number of times it has been opened. An alternative would be a
> safe that remembers the last time it was opened. Does such a thing
> exist?
I found out now that there are locks for safes that do log events (such
as opening of a door). This technology is frequently called "auditing".
Examples:
- Lagard LGAudit:
http://www.lagard.com/pages/index.as...w_product&id=9
- Wittkopp/Insys EloStar 7215:
http://www.cawi.com/contentus/html/e...nic-locks.html
Also AFAICS one could equip a small safe such as the Hartmann 2004 with
such a lock, but it would be prohibitively expensive, probably somewhere
around 600 USD.
Any hints/remarks are welcome.
--
Felix E. Klee
-
Re: Safe with counter for storing secret key
"Felix E. Klee" writes:
>For storing a secret master key, I'm looking for a safe that counts the
>number of times it has been opened. An alternative would be a safe that
>remembers the last time it was opened. Does such a thing exist?
Yes, but they are very expensive. The counter is inside the control
drawer. It's not integral to the container.
--
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433
-
Re: Safe with counter for storing secret key
"Felix E. Klee" writes:
>At Fri, 23 Jun 2006 09:38:13 +0200,
>Felix E. Klee wrote:
>> For storing a secret master key, I'm looking for a safe that counts
>> the number of times it has been opened. An alternative would be a
>> safe that remembers the last time it was opened. Does such a thing
>> exist?
>I found out now that there are locks for safes that do log events (such
>as opening of a door). This technology is frequently called "auditing".
The X07 locks had counters. I assume the X08's do as well.
ISTM the X07 went for $1200 on GSA schedule..
--
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433
-
Re: Safe with counter for storing secret key
At Mon, 26 Jun 2006 01:59:17 +0000 (UTC),
David Lesher wrote:
> The X07 locks had counters. I assume the X08's do as well. ISTM the
> X07 went for $1200 on GSA schedule..
The current model seems to be the X09:
http://www.mas-hamilton.com/a.php?page=x-09_main
Maybe they are the best of their kind, but one doesn't have to spend
that much money for an auditing lock. I just got a price quote from a
German company:
Furniture safe Bielefeld with electronic lock GST S plus (outside size
in mm: 196 x 306 x 190; inside size: 124 x 230 x 110):
448.00 EUR
Unit for reading the audit trail:
150.00 EUR
Still: unaffordable for me.
Then there's the Chinese company Pregex which
offers small safes with auditing locks. However, I was not able to find
a price for any of their products on the Web. Probably they are mostly
an OEM manufacturer, and their safes are sold under differing brand
names.
BTW, an interesting alternative (but probably even more expensive)
solution for storing the primary secret key is making it as public as
possible when someone accesses it: For example one could store the key
in an ordinary safe and have a live video stream of the safe publicly
broadcast on the Net.
--
Felix E. Klee
-
Re: Safe with counter for storing secret key
At Tue, 27 Jun 2006 14:46:18 +0000 (UTC),
David Lesher wrote:
> But the fact they do have audit counters makes it less likely anyone
> else still makes in-drawer types.
I just read the above sentence again, but I still can't make sense of
it. Please let me know what you are referring to when you write
"in-drawer types". Do you refer to safes that have a certain form
factor? If so, what does this have to do with Mas Hamilton? AFAIK, they
don't produce safes. Furthermore, I assume that their locks can be
combined with safes from many different manufacturers.
Anyhow, I just found another manufacturer that offers low budget safes
with auditing locks: Dometic. I'm not sure, however, if, in order to
read out the audit-trail, one really needs to buy the expensive printer
that they offer. That would be a definite drawback, although for the
intended target audience (hotels), the price probably doesn't matter
since only one printer is needed for many safes.
I just wonder: To me storing a secret key in an auditing safe seems to
be close to perfect. But maybe I'm missing something, am I?
--
Felix E. Klee