
Submission: How does one store keyfiles securely, but still accessible in case of emergency?

castionsosa writes: With various utilities like borgbackup, NetBackup, zbackup, and others, one uses a keyfile on the client as the way to encrypt and decrypt data. Similarly with PGP, GnuPG, and other OpenPGP utilities for the private keys. However, there is a balance between security (keeping the keyfile in as few places as possible) and recoverability (keeping many copies of it). Go too far one way, and one will be unable to restore after a disaster. Go far the other way, and the encryption can wind up compromised.

I have looked at a few methods. PaperBack (which allows one to print a binary file, then scan it) gives mixed results, and if there is any non-trivial misalignment, it won't retrieve. Printing a uuencoded version out is doable, but there would be issues for scanning, or worse retyping. There is obviously media storage (USB flash drive, CD-ROM), but flash isn't an archival grade medium, and optical drives are getting rarer as time goes on. Of course, stashing a keyfile in the cloud isn't a wise idea, because once one loses physical control of the medium the file is stored on, one can't be sure where it can end up, and encrypting it just means another key (be it a passphrase or another keyfile) is stored somewhere else. I settled upon having a physical folder in a few locations which contains a USB flash drive, CD-R, and a printed copy, but I'm sure there is a better way to do this.

Has anyone else run into this, either for personal recoverability of encrypted data, or for a company? Any suggestions for striking a balance between being able to access keyfiles after disasters of various sizes (ransomware, fire, tornado, hurricane) while keeping them out of the wrong hands?
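An added example, not part of the original submission: the retyping problem raised for printed uuencoded keyfiles can be narrowed by printing base32 (no 0, 1, 8 or 9 to confuse with letters) in numbered lines that each carry their own check, so a typo is pinned to one line. The sheet layout and the function names `encode_for_paper` and `decode_from_paper` are assumptions made for this sketch, not an existing tool or standard.

```python
import base64
import hashlib

BYTES_PER_LINE = 20  # 20 bytes -> exactly 32 base32 characters per full line


def _check(index: int, chunk: bytes) -> str:
    """4 hex digits binding a chunk to its line number (typo detection only)."""
    return hashlib.sha256(index.to_bytes(4, "big") + chunk).hexdigest()[:4]


def encode_for_paper(key: bytes) -> str:
    """Render key bytes as numbered base32 lines, each with its own check."""
    lines = [f"LEN {len(key)} SHA256 {hashlib.sha256(key).hexdigest()}"]
    for i in range(0, len(key), BYTES_PER_LINE):
        chunk = key[i:i + BYTES_PER_LINE]
        index = i // BYTES_PER_LINE + 1
        text = base64.b32encode(chunk).decode("ascii").rstrip("=")
        groups = " ".join(text[j:j + 4] for j in range(0, len(text), 4))
        lines.append(f"{index:03d} {groups} {_check(index, chunk)}")
    return "\n".join(lines)


def decode_from_paper(sheet: str):
    """Return (key bytes or None, line numbers that failed their check)."""
    header, *body = [ln for ln in sheet.splitlines() if ln.strip()]
    _, length, _, digest = header.split()
    data, bad = bytearray(), []
    for expected, line in enumerate(body, start=1):
        parts = line.upper().split()  # tolerate lowercase retyping
        index_field, text, check = parts[0], "".join(parts[1:-1]), parts[-1].lower()
        try:
            if int(index_field) != expected:
                raise ValueError("line missing or out of order")
            chunk = base64.b32decode(text + "=" * (-len(text) % 8))
            if _check(expected, chunk) != check:
                raise ValueError("checksum mismatch")
            data += chunk
        except ValueError:  # binascii.Error (invalid base32) is a ValueError
            bad.append(expected)
    # The whole-file digest is the final authority; per-line checks only locate typos.
    if bad or len(data) != int(length) or hashlib.sha256(data).hexdigest().lower() != digest.lower():
        return None, bad
    return bytes(data), bad


SAMPLE_KEY = bytes(range(50))  # constructed sample, not a real keyfile
```

The printed sheet is the key in the clear, so it needs the same physical handling as the flash drive and CD-R in the folder.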

Comment: Has anyone actually tried this? (Score 2, Interesting)

So I went through and tried configuring one of these systems, but I couldn't add it to my cart because of 'Compatibility Problems', which the Dell website was even kind enough to explain to me so that they could be fixed and I could continue adding the machine to my cart. The 'problems' it reported to me were:

Errors:
        Windows® Vista does not support Optical Drive selected.
Warnings:
        You have selected Vista Premium Operating System with a Basic system configuration. To fully realize Vista Premium's capabilities you need to select at least 1GB Dual Channel DDR2 SDRAM Memory.

And no, I did not change the OS selection, I checked twice that it was still set to 'FreeDOS'.
