> Depends on the factos etc. a safe at a bank isn’t a bad option to consider.
Safe deposit boxes aren't safe. https://www.nytimes.com/2019/07/19/business/safe-deposit-box-theft.html On Sun, Apr 4, 2021, at 12:43, hvjunk wrote: > Storing the keys in your password store like BitWarden > > > On 04 Apr 2021, at 19:37 , jerry <[email protected]> wrote: > > > > With a complete tarsnap backup, I could restore everything... but the big > > bad trojan might have encrypted the filesystem with my tarsnap key! > > What about you password manager as a storage? (Ie. Bitwarden is what I > use, and I share those keys with the needed people that needs to get > access in my absence) > > > Even though it's not a Samba share, and the directory is only readable by > > root, and the file is only readable/writable by root. Actually, why > > should it be writable at all? I'd never change it. "sudo chmod u-w > > tarsnap.key”. > > you could try the immutable flag too, but the assumption here is the > ransomware got the needed root privileges to clear that flag too. > > > Anyway, in that situation, the tarsnap key becomes VERY valuable. I > > suppose I could stick it on some encrypted media and keep it somewhere > > else. Friend's house? What if my house burns down? A disk in the fire > > safe would probably get fried, but what about a piece of paper? > > Depends on the factos etc. a safe at a bank isn’t a bad option to consider. > > >
