LP has still not had a data breach to date. Even if they did, they
don't store anything but an encrypted blob of random bits. They have
responded quickly to all issues and patched things fast. The last issue
was reported to them on a Saturday via Twitter and they had it fixed
within 4 hours. You can't ask for better responsibility by a major
security company like LP.
I guess we need to figure out how to create a recovery key and get the
credentials to that central LP account.
Dave
On 05/15/2017 05:35 PM, Greg Stein wrote:
We currently keep many credentials in LastPass (*). ... If y'all would like
to construct a recovery key for SA, then we'll happily store that into the
ASF LastPass account.
Cheers,
-g
(*) after a couple LP security notices, we are considering other options,
but that's neither here/there. if we switch vault providers in six
months... we'll *still* have one for an SA recovery key.
On Mon, May 15, 2017 at 5:27 PM, Kevin A. McGrail <[email protected]
wrote:
Greg,
Dave Jones brings up a good point about longevity of encrypted things for
the foundation. Could infra maintain a key that can be added to things for
a backdoor?
See below for a snapshot of the relevant thread for background.
Regards,
KAM
KAM:
What you should do is use the pub key at http://people.apache.org/~
kmcgrail/ and encrypt a file with the password. <soapbox>Ideally, you
already have a key for me that chains to a circle of trust so you know for
sure it's me. They actually have key signing parties and stuff for this.
I've found it to be a PITA and doesn't make me feel better that the key is
valid. It's not like we are trained in verifying fake IDs so it's nothing
but an illusion of trust.</soapbox>
Dave: My concern is I can sign it with your (Kevin's) key and even Brian's
key so the two of you can open it but what happens if another 5 or 10 years
go by and we 3 are no longer volunteering as SA sysadmins? The next
generation of sysadmins won't be able to open these files.
There has to be a better way where we use an encrypted file with a master
password that we share and is recorded in a save place for the future.
I use LastPass for this and I have my master password in an envelope in a
safe for my wife to open in the event I am no longer on this planet. I have
instructed her to take this envelope to any of my techie friends and they
would know how to help her get access of all of my online accounts. We
need something like this for this team.
KAM: The first consideration is that the method above with SVN is
considered acceptable to the foundation and exists already. It long
predates me and has a strong encryption pedigree. It also doesn't rely on
a service being in business since it uses all open source software and
files that you can mirror today.
What I have done that is similar to what you describe is that my
passphrase for my private key is in my safe. So should I leave this mortal
coil, the data is all recoverable.
Also, we are trying to move away from master passwords as much as
possible. Sharing of root credentials should be avoided as just a general
security mantra.
KAM: Do you feel strongly enough about it to debate it with infra and see
what their thoughts are?
Dave: Not that strongly. I will be glad to go along with the existing
standards. Seems like there should be an escrow-ed key from the foundation
or something that we would also sign with for the future.