On 2/4/2014 4:18 PM, Tom Perrine wrote:
> I know where I keep mine, but I'm not sure I've been paranoid enough
> the past few years :-)

> Where do you store your GPG keyring? Personal or business laptop? Home
> or other server? USB or other removable media? In the cloud?

I should point out that I use PGP, and am very Luddite when it comes to
which versions.

> And more importantly, how did you decide where to keep your keyring?

Remember that really cool server in Finland? I made a key using them,
and then promptly had one of two hard drives in my sparc 2 bite the
dust (metal flakes and grinding sound mean gone forever). My keyring
was on that drive. OW! I learned a lesson, then. I keep a copy of the
keyring on a server that's about four feet away from me right now. I
keep backup copies on multiple different media, including a floppy,
and a couple of different USB keys. My passphrases are HARD. VERY.
I am unable to type them under duress.

I don't willingly use any cloud for anything. I realize that some of
my data is probably there, but it's NOT MY CHOICE.

> At the moment...

Your solution seems more cumbersome than I'd probably put up with, but
then, I've lost enough machines that I know some things need serious
redundancy.

> So, anyone want to share? Am I paranoid enough, or too much?

Well, we've known each other a fearsomely long time, so I'd say you can
trust me when I tell you that you have the correct amount of paranoia.
There are few that are *more* paranoid than I.

I'm still deciding on my threat model, so I haven't made a serious
decision about how I'm going to do this in the future. At the moment,
I'm going with what's easy enough, but I may want to change that soon.

One thing I do, and recommend strongly, is to separate out keys, and the
purpose for them. If there are things that others might need if I am
incapacitated or deceased (which would be the ultimate incapacitation),
I use a different key. The passphrases for that set of keys are part of
the document of passwords and account numbers that lives in my safe
deposit box at the bank. The keyring containing the private versions
OF ONLY THOSE KEYS is on a CD in that same box at the bank.

The other pass phrases? From my cold dead hands.

You know what I always said:

It's not that I'm paranoid. It's that I'm not paranoid enough.

BTW, just for fun, the primary servers are literally below ground. I'm
a believer in Van Eck. I consider dirt+cement (it's a two story house,
but the first floor is slightly below the ground) to be just one more
piece of insurance. I'm also no longer interesting, of course.

--
I happen to go very strongly with the Buddhist understanding
that the good is to be done because it is good, not because it
goes somewhere.        (Father Daniel Berrigan)
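The key-separation practice described above (only the escrow keys leave the main keyring, and every backup copy is checked before it is trusted) as an added shell example; this is not code from the thread or from GnuPG, and the key id, file names and media paths are placeholders you would substitute:

```bash
#!/bin/sh
# Constructed example: pull ONE key (the one others will need if you are
# incapacitated) out of the main keyring into its own file, prove that file
# works on its own, and check every backup copy against it.
# ESCROW_KEYID and all paths are placeholders, not values from the thread.
set -e

# Export only the named secret key (plus its public half) to a standalone
# armored file. The main GNUPGHOME is read, never modified.
export_escrow_key() {
    keyid="$1"; out="$2"
    gpg --armor --export-secret-keys "$keyid" > "$out"
    gpg --armor --export "$keyid" > "${out%.asc}.pub.asc"
    chmod 600 "$out" "${out%.asc}.pub.asc"
}

# Import the export into a scratch GNUPGHOME and confirm the secret key is
# present there; this is the check that the CD/USB copy is actually usable.
verify_escrow_export() {
    file="$1"; keyid="$2"
    scratch=$(mktemp -d)
    if GNUPGHOME="$scratch" gpg --batch --import "$file" >/dev/null 2>&1 &&
       GNUPGHOME="$scratch" gpg --batch --list-secret-keys "$keyid" >/dev/null 2>&1; then
        rc=0
    else
        rc=1
    fi
    rm -rf "$scratch"
    return $rc
}

# Compare each backup copy (USB key, CD, floppy, ...) with the master file.
# Reports the first missing or differing copy; returns non-zero on any failure.
verify_copies() {
    master="$1"; shift
    ref=$(cksum < "$master")
    for copy in "$@"; do
        [ -r "$copy" ] || { echo "missing: $copy"; return 1; }
        [ "$(cksum < "$copy")" = "$ref" ] || { echo "mismatch: $copy"; return 1; }
    done
    echo "all copies match $master"
    return 0
}

# Typical use (placeholders):
#   export_escrow_key "$ESCROW_KEYID" /secure/escrow-key.asc
#   verify_escrow_export /secure/escrow-key.asc "$ESCROW_KEYID"
#   verify_copies /secure/escrow-key.asc /media/usb1/escrow-key.asc /media/cdrom/escrow-key.asc
```

The passphrase for the exported key is never written here; it stays in whatever separate record you keep for the people who will need it.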
_______________________________________________
Discuss mailing list
Discuss@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
http://lopsa.org/
