Schneier on Security

pdf23ds • October 30, 2010 11:20 AM

Treating this as an open thread,

Quite a while ago I asked here how to prove some document existed at a certain time in the past and was not created later. No one had any good answers. (Probably only a few people read it anyway, being a late post on a squid thread.) However, I posted about it on my blog and somehow it got onto hacker news, and several people pointed out Stamper, the PGP timestamping service.

http://www.itconsult.co.uk/stamper.htm

It requires no mutual trust between people. The third-party doesn't even have to be particularly trusted. The proof comes from PGP signing and the long chain of past documents that have been published daily (on usenet and other places) for over a decade. It's a pretty cool idea.

Now my only problem is long-term archiving. Damn, that's a pain. Currently I have settled on a hard disk and periodic burned DVDs--two copies stored physically separated in dark cool rooms. Even if both DVDs go bad, they'll most likely go bad in separate places and the original data can be recombined. I'll periodically reburn them.

A post on the conflicts between security and backups would be nice.