From: Thomas Harold
Subject: Re: [rdiff-backup-users] backing up a Bitcoin wallet (private key)
Date: Fri, 13 Dec 2013 10:01:46 -0500
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0

On 12/13/2013 1:50 AM, Gavin wrote:
> I rdiff backup everything onto a LUKS encrypted file system. Because the same problem applies to ssh keys, leave them lying around on a portable drive...?

We do something very similar for our USB drive backups. Mount the USB drive as a LUKS encrypted file system with a very long static password. We use a static keyfile in addition to the password (the password is our fallback and has been communicated via GPG to the key holders).
The downside is that the keyfile is stored on the server's file system (in a restricted area, but it still exists). But it is good enough (for our purposes) to guard against the person who takes the drives offsite from either losing them or someone getting curious about the content.
If someone has enough access to our server to get the key file, we have bigger issues.
For cases like SSH keys and bitcoin wallets which are protected by passwords, it's just shifting the problem around. But it is still a good recommendation because LUKS allows you to also protect content that is not password-protected.
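
The keyfile-plus-fallback-passphrase arrangement described in this message, as an added example that is not part of the original post or of rdiff-backup. The keyfile path, mapper name and device argument are hypothetical placeholders, and the permission check is one assumed reading of "restricted area".

```shell
#!/bin/bash
# Added example: LUKS backup drive unlocked by a keyfile, with a passphrase as fallback.
# KEYFILE and MAPPER_NAME are hypothetical placeholders; override them via the environment.
KEYFILE="${KEYFILE:-/root/backup-keys/usb-backup.key}"
MAPPER_NAME="${MAPPER_NAME:-usb-backup}"

# Return 0 only if the keyfile and its directory are closed to group and other.
keyfile_is_restricted() {
    local file="$1" dir fmode dmode
    [ -f "$file" ] || { echo "missing keyfile: $file" >&2; return 1; }
    dir=$(dirname -- "$file")
    fmode=$(stat -c '%a' -- "$file")   # GNU stat: octal permission bits
    dmode=$(stat -c '%a' -- "$dir")
    case "$fmode" in
        400|600) ;;
        *) echo "keyfile mode $fmode, want 400 or 600" >&2; return 1 ;;
    esac
    case "$dmode" in
        500|700) ;;
        *) echo "directory mode $dmode, want 700" >&2; return 1 ;;
    esac
    return 0
}

# One-time setup (as root): passphrase in one keyslot, keyfile in a second one.
init_backup_drive() {
    local dev="$1"
    cryptsetup luksFormat "$dev"             # prompts for the long fallback passphrase
    install -d -m 700 "$(dirname -- "$KEYFILE")"
    (umask 077; head -c 4096 /dev/urandom > "$KEYFILE")
    chmod 400 "$KEYFILE"
    cryptsetup luksAddKey "$dev" "$KEYFILE"  # passphrase authorises adding the keyfile
}

# Unattended open before a backup run; refuses a loosely protected keyfile.
open_backup_drive() {
    local dev="$1"
    keyfile_is_restricted "$KEYFILE" || return 1
    cryptsetup open --type luks --key-file "$KEYFILE" "$dev" "$MAPPER_NAME"
}

# Usage: script init <device>   or   script open <device>
case "${1:-}" in
    init) init_backup_drive "$2" ;;
    open) open_backup_drive "$2" ;;
esac
```

Either keyslot unlocks the volume, so the passphrase holders can still read the drive if the server and its keyfile are lost.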