[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Planning for Emergency restore

On Sun, 4 Apr 2021, at 17:37, jerry wrote:
> Hello,
>    Anyway, in that situation, the tarsnap key becomes VERY valuable.  I 
> suppose I could stick it on some encrypted media and keep it somewhere 
> else.  Friend's house?  What if my house burns down?  A disk in the fire 
> safe would probably get fried, but what about a piece of paper?

USB media are far less reliable than one might be lead to believe. Even
CD/DVD can't be trusted with long term storage.

>     I just tried printing the key on paper.  I scanned the paper with my 
> Fujitsu scansnap at max resolution.  Then converted the resulting PDF to 
> a jpg with ImageMagick.  Then OCR'd it with tesseract.   No joy.  OCR is 
> just not good enough.
> Letters "l" get changed to numbers "1", extra letters appear here & 
> there.... Just not gonna work.
>     Ideas?  Right now, I'm experimenting with printed barcodes.
>                       - Jerry Kaidor

For the truly paranoid, combine:

- [1] shamir's secret sharing algorithm to split your secret into N shards

- [2] encode each shard and print separately on paper

- distribute those printed shards to different trusted sources

- confirm you can actually recover your service from those shards

- think about how somebody other than you might recover these keys

[1]: https://github.com/dsprenkels/sss or similar
[2]:  https://lab.whitequark.org/notes/2016-08-24/archiving-cryptographic-secrets-on-paper/

Practically, I'm far more worried about an accident happening to me, and my business/family being unable to recover this secret because of "confusing technical wizardry" so select people have complete copies.