Re: Planning for Emergency restore
On Sun, 4 Apr 2021, at 17:37, jerry wrote:
> Anyway, in that situation, the tarsnap key becomes VERY valuable. I
> suppose I could stick it on some encrypted media and keep it somewhere
> else. Friend's house? What if my house burns down? A disk in the fire
> safe would probably get fried, but what about a piece of paper?
USB media are far less reliable than one might be led to believe. Even
CD/DVD can't be trusted with long-term storage.
> I just tried printing the key on paper. I scanned the paper with my
> Fujitsu scansnap at max resolution. Then converted the resulting PDF to
> a jpg with ImageMagick. Then OCR'd it with tesseract. No joy. OCR is
> just not good enough.
> Letters "l" get changed to numbers "1", extra letters appear here &
> there.... Just not gonna work.
> Ideas? Right now, I'm experimenting with printed barcodes.
> - Jerry Kaidor
For the truly paranoid, combine:
- Shamir's secret sharing algorithm to split your secret into N shards
- encode each shard and print separately on paper
- distribute those printed shards to different trusted sources
- confirm you can actually recover your service from those shards
- think about how somebody other than you might recover these keys
: https://github.com/dsprenkels/sss or similar
Practically, I'm far more worried about an accident happening to me, and my business/family being unable to recover this secret because of "confusing technical wizardry" so select people have complete copies.
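
An added example, not part of the original post and not the API of the linked library: the split, print and recover steps listed above, with each shard written as hex plus a CRC32 so that a mistyped or OCR-mangled shard (the "l" for "1" problem quoted earlier) is rejected instead of yielding a wrong key. The function names and the `hex-crc32` shard format are assumptions made for this example.

```python
import secrets, zlib

# GF(2^8) log/antilog tables (polynomial 0x11b, generator 3).
EXP, LOG, x = [0] * 510, [0] * 256, 1
for i in range(255):
    EXP[i] = EXP[i + 255] = x
    LOG[x] = i
    x ^= (x << 1) ^ (0x11b if x & 0x80 else 0)  # x *= 3 in the field

def gmul(a, b):
    return EXP[LOG[a] + LOG[b]] if a and b else 0

def split(secret, n, k):
    """Return n printable shards; any k of them rebuild the secret."""
    if not 1 < k <= n < 256:
        raise ValueError("need 1 < k <= n < 256")
    polys = [[s] + [secrets.randbelow(256) for _ in range(k - 1)] for s in secret]
    shards = []
    for xi in range(1, n + 1):
        body = bytearray([xi])
        for coeffs in polys:
            y = 0
            for c in reversed(coeffs):  # Horner evaluation at xi
                y = gmul(y, xi) ^ c
            body.append(y)
        shards.append(f"{body.hex()}-{zlib.crc32(body):08x}")
    return shards

def parse(shard):
    """Decode one typed-in shard (assumed format hex-crc32); reject bad CRC."""
    body_hex, crc = shard.strip().lower().split("-")
    body = bytes.fromhex(body_hex)
    if zlib.crc32(body) != int(crc, 16):
        raise ValueError("checksum mismatch: shard mistyped or misread")
    return body[0], body[1:]

def combine(shards):
    """Lagrange-interpolate at x = 0 from k or more distinct shards."""
    pts = [parse(s) for s in shards]
    out = bytearray(len(pts[0][1]))
    for xj, yj in pts:
        num = den = 1
        for xm, _ in pts:
            if xm != xj:
                num, den = gmul(num, xm), gmul(den, xm ^ xj)
        weight = EXP[LOG[num] - LOG[den] + 255]  # num / den, both nonzero
        for i, y in enumerate(yj):
            out[i] ^= gmul(y, weight)
    return bytes(out)
```

Supplying fewer than k shards does not raise an error; it returns bytes unrelated to the secret, so the recovery drill in the list above is the only real check.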