Storing the keys in your password store like BitWarden > On 04 Apr 2021, at 19:37 , jerry <[email protected]> wrote: > > With a complete tarsnap backup, I could restore everything... but the big > bad trojan might have encrypted the filesystem with my tarsnap key!
What about you password manager as a storage? (Ie. Bitwarden is what I use, and I share those keys with the needed people that needs to get access in my absence) > Even though it's not a Samba share, and the directory is only readable by > root, and the file is only readable/writable by root. Actually, why should > it be writable at all? I'd never change it. "sudo chmod u-w tarsnap.key”. you could try the immutable flag too, but the assumption here is the ransomware got the needed root privileges to clear that flag too. > Anyway, in that situation, the tarsnap key becomes VERY valuable. I suppose > I could stick it on some encrypted media and keep it somewhere else. > Friend's house? What if my house burns down? A disk in the fire safe would > probably get fried, but what about a piece of paper? Depends on the factos etc. a safe at a bank isn’t a bad option to consider.
