D/R 201: Maintain Fresh Batteries

Posted in Physical Security Infrastructure, Networking Faux Pas, Crypto Plumbing on May 30th, 2011 by Rodney

Years ago, at the dawn of the dot-com age, when crypto was cool and Distinguished Names were already an arcane concept, there was a story (let’s be kind and say it’s an urban legend) about root keys. In the early days you bought a BBN Safekeeper. It kept the RSA private key safe. It had a battery backup on the memory it used to store the keys (remember, this would have been 1980s tech).

There was this story about how American Express bought a Safekeeper but forgot to change the batteries. I’m not sure it’s true, but it does point out the need for the key operator to follow policy and use the “split the key and save the parts in separate places” features of modern HSM solutions.

More generally, you should buy a UPS.  Or at least make sure someone’s making sure your expectations about continuous clean in-budget power are met.  Buy a UPS, make sure you plug into the “special” power strip in the Colo, confirm the D/R plan is NOT on your task list, or somehow think about it.  At least think about it for a moment.