[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Planning for Emergency restore
Storing the keys in your password store like BitWarden
> On 04 Apr 2021, at 19:37 , jerry <firstname.lastname@example.org> wrote:
> With a complete tarsnap backup, I could restore everything... but the big bad trojan might have encrypted the filesystem with my tarsnap key!
What about you password manager as a storage? (Ie. Bitwarden is what I use, and I share those keys with the needed people that needs to get access in my absence)
> Even though it's not a Samba share, and the directory is only readable by root, and the file is only readable/writable by root. Actually, why should it be writable at all? I'd never change it. "sudo chmod u-w tarsnap.key”.
you could try the immutable flag too, but the assumption here is the ransomware got the needed root privileges to clear that flag too.
> Anyway, in that situation, the tarsnap key becomes VERY valuable. I suppose I could stick it on some encrypted media and keep it somewhere else. Friend's house? What if my house burns down? A disk in the fire safe would probably get fried, but what about a piece of paper?
Depends on the factos etc. a safe at a bank isn’t a bad option to consider.