On Fri, Aug 28, 2020 at 11:15:00AM -0400, Christopher Browne via talk wrote: > Here's a cool thing I saw recently... > > https://www.schneier.com/blog/archives/2020/08/dicekeys.html
The comments are certainly fun to read. > The intention of this parallels the various Bitcoin "Solid Steel Passphrase > Wallet" items that were popular a year or so ago > (See https://www.toughgadget.com/bitcoin-crypto-metal-recovery-seed-wallets/, > https://www.buybitcoinworldwide.com/wallets/steel/ ) > > It's a case for a set of 25 dice that looks like a Boggle game set; it will > generate and "record" what ought to be a Sooper Seekrut key as would be > used for things like: > - master key for password manager > - U2F key for 2 Factor Authentication > - Secret key for cryptocurrency wallet > > By being a set of dice with a nice plastic box to hold them securely, this > is not vulnerable to various threats common to electronic devices: > - EMP (for those highly worried about nuclear devices) > - Water damage > > Of course, if all your disk drives get toasted, there might not be any data > left to decrypt or systems to connect to. And plastic will melt away or > burn when exposed to fire... > > But it's pretty cool, I'm tempted to grab a set. > > There's a web app: https://dicekeys.app/ > > It appears that this application, embedded in a single JavaScript file, > runs locally, inside your browser, so that usual criticisms about it being > a giant security vulnerability of sharing your key with their web site > seems like it mightn't apply. How to confirm in an authoritative way that > nothing is *actually* shared seems like the fun security question. I guess if you load the page, go offline, do the thing, close the browser, wipe any caches and other things from it, then maybe you could trust it? Or save a copy locally, read all the code and only run your verified local copy? -- Len Sorensen --- Post to this mailing list [email protected] Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
