Re: Planning for Emergency restore

[hvjunk <hvjunk@gmail.com>]

Storing the keys in your password store like BitWarden 

> On 04 Apr 2021, at 19:37 , jerry <jerry@tr2.com> wrote:
> 
>   With a complete tarsnap backup, I could restore everything... but the big bad trojan might have encrypted the filesystem with my tarsnap key!

What about you password manager as a storage? (Ie. Bitwarden is what I use, and I share those keys with the needed people that needs to get access in my absence)

>  Even though it's not a Samba share, and the directory is only readable by root, and the file is only readable/writable by root.   Actually, why should it be writable at all?  I'd never change it. "sudo chmod u-w tarsnap.key”.

you could try the immutable flag too, but the assumption here is the ransomware got the needed root privileges to clear that flag too.

>  Anyway, in that situation, the tarsnap key becomes VERY valuable.  I suppose I could stick it on some encrypted media and keep it somewhere else.  Friend's house?  What if my house burns down?  A disk in the fire safe would probably get fried, but what about a piece of paper?

Depends on the factos etc. a safe at a bank isn’t a bad option to consider.