On Sun, 4 Apr 2021, at 17:37, jerry wrote: > Hello, > Anyway, in that situation, the tarsnap key becomes VERY valuable. I > suppose I could stick it on some encrypted media and keep it somewhere > else. Friend's house? What if my house burns down? A disk in the fire > safe would probably get fried, but what about a piece of paper?
USB media are far less reliable than one might be lead to believe. Even CD/DVD can't be trusted with long term storage. > I just tried printing the key on paper. I scanned the paper with my > Fujitsu scansnap at max resolution. Then converted the resulting PDF to > a jpg with ImageMagick. Then OCR'd it with tesseract. No joy. OCR is > just not good enough. > Letters "l" get changed to numbers "1", extra letters appear here & > there.... Just not gonna work. > > Ideas? Right now, I'm experimenting with printed barcodes. > > - Jerry Kaidor For the truly paranoid, combine: - [1] shamir's secret sharing algorithm to split your secret into N shards - [2] encode each shard and print separately on paper - distribute those printed shards to different trusted sources - confirm you can actually recover your service from those shards - think about how somebody other than you might recover these keys [1]: https://github.com/dsprenkels/sss or similar [2]: https://lab.whitequark.org/notes/2016-08-24/archiving-cryptographic-secrets-on-paper/ Practically, I'm far more worried about an accident happening to me, and my business/family being unable to recover this secret because of "confusing technical wizardry" so select people have complete copies. A+ Dave
