Developers Debate Security and Practicality of Physical Key Backup Using Punched Metal Cards

BigGo Editorial Team

A new open-source project called PCKB (PunchCard Key Backup) has sparked heated discussions among developers about the best methods for creating physical backups of cryptographic keys. The project allows users to encode 128 bits of sensitive data onto metal cards using punched holes, similar to old computer punch cards, but the community is divided on its practical value.

The system works by converting digital keys into a pattern of holes that can be punched into aluminum sheets using basic tools like a drill and stencil. Users can then store these metal cards in safe places as disaster recovery backups for important passwords or encryption keys.

A punch card stencil used for creating physical backups of cryptographic keys, showcasing the concept of encoding sensitive data through punched holes

Security Concerns Around Automated Manufacturing

One of the hottest debates centers on whether CNC machines and routers should be used to automate the card creation process. Some developers worry that any computerized manufacturing equipment could potentially store traces of the sensitive data being encoded. Others argue that older, simpler CNC controllers that only stream commands without internal storage could be safe to use.

The discussion highlights a fundamental tension in security practices: the more convenient and automated a process becomes, the more potential points of failure it introduces. This concern extends beyond just CNC machines to include printers, which some developers distrust entirely when handling sensitive information.

Alternative Approaches and Information Density

Community members have proposed several alternatives they consider more practical than the punched card approach. QR codes printed on durable materials emerged as a popular suggestion, though supporters of the punch card method point out that QR codes require specialized software to decode and may not survive certain disasters as well as holes in metal.

Some developers suggested using higher information density encoding methods, such as stamped letters and numbers instead of binary holes. This approach could store the same amount of data in a much smaller space while remaining human-readable without any tools or software.

Long-term Durability Questions

The choice of aluminum as the base material has generated significant discussion about long-term storage considerations. While aluminum is easy to work with using basic tools, some community members raised concerns about its chemical stability over decades of storage, especially in varying environmental conditions.

"Make sure it's stored in an electrochemically inoffensive environment, including considerations like dissimilar-metal contact, etc."

The 128-bit capacity limitation has also drawn criticism from developers who need to back up larger keys, such as 256-bit encryption keys used in modern systems. The project creator suggests using multiple cards or encrypting larger secrets with the 128-bit key as a password.

Practical Implementation Challenges

Several developers questioned whether the encoding method would remain understandable years later during an actual recovery situation. The binary format requires either the original software or manual conversion using basic math, which some argue could be forgotten or become difficult under stress.
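The manual conversion mentioned above can be sketched in a few lines. This is an added example, not PCKB's code and not its real card layout, which this article does not describe. It assumes a hypothetical grid of 8 rows by 16 holes, plus one even-parity hole per row so that a single misread or damaged position is caught during recovery.

```python
ROWS, COLS = 8, 16          # assumed layout: 8 rows x 16 data holes = 128 bits
HOLE, BLANK = "O", "."      # constructed notation for punched / unpunched

def encode(key: bytes) -> list[str]:
    """Turn a 16-byte key into ROWS strings, each ending in a parity position."""
    if len(key) != ROWS * COLS // 8:
        raise ValueError("key must be exactly 128 bits")
    bits = "".join(f"{b:08b}" for b in key)
    card = []
    for r in range(ROWS):
        row = bits[r * COLS:(r + 1) * COLS]
        row += str(row.count("1") % 2)   # even parity: hole count per row is even
        card.append("".join(HOLE if c == "1" else BLANK for c in row))
    return card

def decode(card: list[str]) -> bytes:
    """Read the card back, rejecting any row whose hole count is odd."""
    if len(card) != ROWS:
        raise ValueError(f"expected {ROWS} rows, got {len(card)}")
    bits = ""
    for i, row in enumerate(card):
        if len(row) != COLS + 1 or set(row) - {HOLE, BLANK}:
            raise ValueError(f"row {i}: malformed")
        if row.count(HOLE) % 2:
            raise ValueError(f"row {i}: parity mismatch, re-inspect this row")
        bits += "".join("1" if c == HOLE else "0" for c in row[:COLS])
    return int(bits, 2).to_bytes(ROWS * COLS // 8, "big")

def flip(card: list[str], row: int, col: int) -> list[str]:
    """Simulate one misread or corroded position on a copy of the card."""
    damaged = list(card)
    old = damaged[row][col]
    new = BLANK if old == HOLE else HOLE
    damaged[row] = damaged[row][:col] + new + damaged[row][col + 1:]
    return damaged

if __name__ == "__main__":
    key = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample
    card = encode(key)
    print("\n".join(card))
    print(decode(card).hex())
    try:
        decode(flip(card, 3, 0))
    except ValueError as err:
        print("detected:", err)
```

A single parity position per row only detects an odd number of errors in that row; two misreads in the same row cancel out and pass unnoticed.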

The project does include a permanent URL redirect and suggests engraving recovery instructions directly onto the cards, but community members remain split on whether this approach offers real advantages over simpler alternatives like hand-engraved text or printed QR codes stored in protective cases.

Despite the debates, many developers appreciate the project's focus on using only basic tools and materials that would remain accessible during various disaster scenarios. The approach represents an interesting middle ground between high-tech solutions and completely manual methods for long-term data preservation.

Reference: pckb -- PunchCard Key Backup