Cloud service providers can afford to engineer a solution that uses static derived keys encrypted by a master key that can be rotated more easily, but I'm not aware of off-the-shelf solutions for individuals. If they had used a hardware token to encrypt data for long-term archival, the token could not be disposed of without re-encrypting all of the data. It is already toil for anyone to rotate their hardware token across all the servers they might have used it with for authentication. The firmware is not upgradable (for security reasons), so new features and vulnerability fixes always require the key to be replaced. A new release would address old vulnerabilities and add new crypto support. A hardware crypto token such as a YubiKey is not meant to be used forever.
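The wrapped-key design mentioned above, as an added sketch that is not part of the original post: the archive is encrypted once under a random data key, and rotating the master key re-encrypts only that data key. It uses Node.js's built-in crypto module; the function names are hypothetical, and the master keys are in-memory random bytes standing in for a key held by a token or KMS.

```javascript
const nodeCrypto = require('node:crypto');

// AES-256-GCM; output layout is nonce(12) || tag(16) || ciphertext.
function seal(key, plaintext) {
  const nonce = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), ct]);
}

// Throws if the key is wrong or the blob was modified.
function open(key, blob) {
  if (blob.length < 28) throw new Error('blob too short');
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// Encrypt the archive once under a random data key (DEK),
// then wrap the DEK with the master key.
function createArchive(masterKey, plaintext) {
  const dek = nodeCrypto.randomBytes(32);
  return { wrappedDek: seal(masterKey, dek), data: seal(dek, plaintext) };
}

// Rotation re-encrypts only the 60-byte wrapped DEK; archive.data is reused as is.
function rotateMaster(archive, oldMaster, newMaster) {
  const dek = open(oldMaster, archive.wrappedDek);
  return { wrappedDek: seal(newMaster, dek), data: archive.data };
}

// Unwrap the DEK with the master key, then decrypt the bulk data with the DEK.
function readArchive(archive, masterKey) {
  return open(open(masterKey, archive.wrappedDek), archive.data);
}

// Constructed demo: random keys stand in for the old and new master keys.
const oldMaster = nodeCrypto.randomBytes(32);
const newMaster = nodeCrypto.randomBytes(32);
const archive = createArchive(oldMaster, Buffer.from('long-term archive contents'));
const rotated = rotateMaster(archive, oldMaster, newMaster);
console.log(readArchive(rotated, newMaster).toString());
```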