Charlie was getting ready to head home when the phone rang. Caller ID showed it was Peter.
“Hi, Peter,” Charlie said into the receiver. “Want me to start the file cracker on your spreadsheet? It should only take me a couple of minutes to crack the password.”
“No, thanks,” Peter answered, taking the joke well. “I remembered my passphrase. But I want to get your advice on what we need to do to make the use of encryption more effective and to get it properly licensed for the whole company. I see the value in using it for certain kinds of information, but I’m worried about forgetting a passphrase again, or even worse, that someone else forgets a passphrase or leaves the company. How would we get their files back?”
“We need to use a feature called key recovery, which is usually part of PKI software,” said Charlie. “Actually, if we invest in PKI software, we could solve that problem as well as several others.”
“OK,” said Peter. “Can you see me tomorrow at 10 o’clock to talk about this PKI solution and how we can make better use of encryption?”
Answer the following questions thoroughly. Upload your answers or type them in the below space, with each question/answer numbered.
Was Charlie exaggerating when he gave Peter an estimate for the time required to crack the encryption key using a brute force attack?
Are there any tools that someone like Peter could use safely, other than a PKI-based system that implements key recovery, to avoid losing his passphrase?