
When I'm dead, how will my loved ones break my password? (and not the government)

July 2nd, 2009

Cory Doctorow writes in the Guardian:

More specifically, what about the secrets that protect our data? Like an increasing number of people who care about the security and integrity of their data, I have encrypted all my hard-drives – the ones in my laptops and the backup drives, using 128-bit AES – the Advanced Encryption Standard. Without the passphrase that unlocks my key, the data on those drives is unrecoverable, barring major, seismic advances in quantum computing, or a fundamental revolution in computing.

After considering, and rejecting, a few options that most people who think about this problem would, including one I might have considered adequate, a safe box containing the passphrase (or an unencrypted private key, which can be used to similar effect), he concludes:

Finally, I hit on a simple solution: I’d split the passphrase in two, and give half of it to my wife, and the other half to my parents’ lawyer in Toronto. The lawyer is out of reach of a British court order, and my wife’s half of the passphrase is useless without the lawyer’s half (and she’s out of reach of a Canadian court order).

Obviously this makes an attack on the passphrase slightly easier: if it was originally 10 characters long, an attacker who gets hold of one half only needs to search for a 5-character passphrase. But it's easy enough to make the passphrase long enough to offset this, i.e. make it 40 characters long instead of the recommended 20 (for my full-disk encryption I use a 26-character password, and it probably wouldn't be too difficult for me to memorize one twice as long).

And if you don't mind a little technical complexity, you can split the key mathematically rather than as a string: for each character, take its ASCII code and split it, at random, into two numbers that add up to it (allowing both positive and negative values, say from -255 to 255; it isn't possible to split a code into two printable ASCII codes, since the lowest 32 codes aren't printable, so you may as well just turn each character into numbers). Store the two sets of numbers separately—either set by itself is nothing but a random set of numbers, betraying no information about the actual passphrase.
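The two points above, that splitting the string halves the search space while splitting it arithmetically does not, can be checked in a few lines. The following is an added example and not code from the post; the passphrase is a constructed sample, and the arithmetic is done modulo 256 (a design change from the post's signed -255..255 range) so that each share is uniform regardless of the secret. The `consistent_secrets_*` helpers are added here to show why that matters: with the signed variant, a second share outside 0..255 narrows down which byte it came from.

```python
import math
import secrets

MODULUS = 256  # one share per byte; all arithmetic is modulo 256


def split_passphrase(passphrase: bytes) -> tuple[list[int], list[int]]:
    """Additive secret sharing: each byte c becomes (a, b) with (a + b) % 256 == c.

    a is drawn uniformly at random and b is whatever completes the sum, so
    each share on its own is uniform on 0..255 whatever the passphrase is.
    """
    share_a = list(secrets.token_bytes(len(passphrase)))
    share_b = [(c - a) % MODULUS for c, a in zip(passphrase, share_a)]
    return share_a, share_b


def join_shares(share_a: list[int], share_b: list[int]) -> bytes:
    """Recombine the two shares; both are needed, in full, to get the passphrase back."""
    if len(share_a) != len(share_b):
        raise ValueError("shares must have the same length")
    return bytes((a + b) % MODULUS for a, b in zip(share_a, share_b))


def consistent_secrets_mod(share_value: int) -> set[int]:
    """Byte values c that could have produced one modular share equal to share_value.

    For every c there is exactly one partner share, so the answer is all 256
    values: a single share tells the holder nothing.
    """
    return {
        c
        for c in range(MODULUS)
        if any((share_value + other) % MODULUS == c for other in range(MODULUS))
    }


def consistent_secrets_signed(second_share: int) -> set[int]:
    """Same question for the post's signed split: r is drawn from -255..255 and the
    second share is c - r. Seeing a second share v means c = v + r, so c is
    confined to v-255..v+255 (clipped to a byte), which is a partial leak when
    v lies outside 0..255.
    """
    return {c for c in range(MODULUS) if -255 <= c - second_share <= 255}


def brute_force_bits(alphabet_size: int, unknown_chars: int) -> float:
    """log2 of the number of candidates an attacker must try for the unknown characters."""
    return unknown_chars * math.log2(alphabet_size)


if __name__ == "__main__":
    passphrase = b"correct horse battery"  # constructed sample, not a real passphrase
    a, b = split_passphrase(passphrase)
    print("share for spouse :", a)
    print("share for lawyer :", b)
    print("recombined       :", join_shares(a, b))
    # String split: attacker holding one half of a 10-char passphrase over 95 printable chars
    print("full search, bits:", round(brute_force_bits(95, 10), 1))
    print("half known, bits :", round(brute_force_bits(95, 5), 1))
    # Arithmetic split: one share still leaves every byte value possible
    print("candidates given a modular share of 17:", len(consistent_secrets_mod(17)))
    print("candidates given a signed share of 300:", len(consistent_secrets_signed(300)))
```

Hand each of `share_a` and `share_b` to a different party, each as a plain list of numbers. The modular version keeps the post's property that one list alone is indistinguishable from random; the signed version keeps it only for the first list, which is why the example standardises on mod 256.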

Overall I think this is a good scheme, except that it only works for people with connections in two countries (and if the liberals have their way we will have One World Government soon, so splitting jurisdictions may not remain an option for long).

It seems that, at least in any scenario I can think of, if you want to share a secret with someone else and keep it secret between the two of you, the only way to do it is under some subterfuge: either about the fact that you have a secret at all, or about the fact that the other person shares it (so that they can't be subpoenaed for it).

Categories: security