21 Apr
Best practices: Use of a single private key as a person, or multiple to identify self across domains?
Similar to the question here, I'd like to apply the same question to a person.
For example, I have implanted a chip in my hand[1] that holds an encrypted private key that serves as my personal unique identifier. As it is tied to my person physically, I have just a single origin for the key it holds.
I currently use this key to authenticate with my own servers. What I'd like to do is register this key's public component for use at work.
- Assuming that the key itself is adequately secure,[2] what vulnerabilities does this expose to my key and the servers I use it with?
- Should I consider creating additional private keys to identify me?
[1] Yes, I actually did this.
[2] The two prime numbers were generated on an offline computer, then transferred to the chip encrypted using a serial NFC read/writer.