[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [rdiff-backup-users] backing up a Bitcoin wallet (private key)

From: Thomas Harold
Subject: Re: [rdiff-backup-users] backing up a Bitcoin wallet (private key)
Date: Fri, 13 Dec 2013 10:01:46 -0500
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0

On 12/13/2013 1:50 AM, Gavin wrote:
I  rdiff backup everything onto a LUKS encrypted file system.
Because the same problem applies to ssh keys, leave them lying around on
a portable drive...?

We do something very similar for our USB drive backups. Mount the USB drive as a LUKS encrypted file system with a very long static password. We use a static keyfile in addition to the password (the password is our fallback and has been communicated via GPG to the key holders).

The downside is that the keyfile is stored on the server's file system (in a restricted area, but it still exists). But it is good enough (for our purposes) to guard against the person who takes the drives offsite from either losing them or someone getting curious about the content.

If someone has enough access to our server to get the key file, we have bigger issues.

For cases like SSH keys and bitcoin wallets which are protected by passwords, it's just shifting the problem around. But it is still a good recommendation because LUKS allows you to also protect content that is not password-protected.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]