[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Planning for Emergency restore



On Sun, Apr 04, 2021 at 06:49:57PM -0700, jerry wrote:
> I'll get a bunch of flash drives and stick an encrypted copy of 
> the key in each one.
> 
> ... What if somebody breaks my encryption...?

Another option is to add a passphrase to your Tarsnap keyfile.  Of course,
then you need to make sure that you will always remember your passphrase.

Depending on your threat model, that could be easier said than done.  For
example, a bad head injury (perhaps from a car accident?) could give you
amnesia.  If all of your financial information is encrypted and nobody else
has the passphrase, that could leave you in a rather bad position.
(Especially if you live in a country with for-profit health care!)

> ...Will the tarsnap key still work without the first and
> last lines?  The ones that say "# START OF TARSNAP KEY FILE" and "# END 
> OF TARSNAP KEY FILE" ?

Yes.  (And even if the tarsnap binary couldn't handle such keyfiles, it would
be easy to add that text yourself during recovery.)

There's also a checksum at the end of every line.  If you look at
lib/keyfile/keyfile.c, you can see the details.

Cheers,
- Graham Percival