[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Planning for Emergency restore
> Depends on the factos etc. a safe at a bank isn’t a bad option to consider.
Safe deposit boxes aren't safe.
https://www.nytimes.com/2019/07/19/business/safe-deposit-box-theft.html
On Sun, Apr 4, 2021, at 12:43, hvjunk wrote:
> Storing the keys in your password store like BitWarden
>
> > On 04 Apr 2021, at 19:37 , jerry <jerry@tr2.com> wrote:
> >
> > With a complete tarsnap backup, I could restore everything... but the big bad trojan might have encrypted the filesystem with my tarsnap key!
>
> What about you password manager as a storage? (Ie. Bitwarden is what I
> use, and I share those keys with the needed people that needs to get
> access in my absence)
>
> > Even though it's not a Samba share, and the directory is only readable by root, and the file is only readable/writable by root. Actually, why should it be writable at all? I'd never change it. "sudo chmod u-w tarsnap.key”.
>
> you could try the immutable flag too, but the assumption here is the
> ransomware got the needed root privileges to clear that flag too.
>
> > Anyway, in that situation, the tarsnap key becomes VERY valuable. I suppose I could stick it on some encrypted media and keep it somewhere else. Friend's house? What if my house burns down? A disk in the fire safe would probably get fried, but what about a piece of paper?
>
> Depends on the factos etc. a safe at a bank isn’t a bad option to consider.
>
>
>