The latest Guardian column, “When I’m dead, how will my loved ones break my password?” describes the process the writer’s wife and he went through when they drew up their wills and realized that their encrypted hard-drives and their network passwords would go with them if they died or were incapacitated, and how important it was for them to have a secure, long-term solution for decrypting our data if they were to croak.
I don’t want to simply hand the passphrase over to my wife, or my lawyer. Partly that’s because the secrecy of a passphrase known only to one person and never written down is vastly superior to the secrecy of a passphrase that has been written down and stored in more than one place. Further, many countries’s laws make it difficult or impossible for a court to order you to turn over your keys; once the passphrase is known by a third party, its security from legal attack is greatly undermined, as the law generally protects your knowledge of someone else’s keys to a lesser extent than it protects your own.I discarded any solution based on putting my keys in trust with a service that sends out an email unless you tell it not to every week – these “dead man’s switch” services are far less deserving of my trust than, say, my wife or my solicitor.
I rejected a safe-deposit box because of all the horror stories I’ve heard of banks that refuse to allow access to boxes until the will is probated, and the data necessary to probate the will is in the box.
I pondered using something called Shamir’s Secret Sharing Scheme (SSSS), a fiendishly clever crypto scheme that allows you to split a key into several pieces, in such a way that only a few of those pieces are needed to unlock the data. For example, you might split the key into 10 pieces and give them to 10 people such that any five of them can pool their pieces and gain access to your crypto-protected data. But I rejected this, too – too complicated to explain to civilians, and what’s more, if the key could be recovered by five people getting together, I now had to trust that no five out of 10 people would act in concert against me. And I’d have to keep track of those 10 people for the rest of my life, ensuring that the key is always in a position to be recovered. Too many moving parts – literally.