Comments on: Sufficient Paranoia https://pthree.org/2013/10/04/sufficient-paranoia/ Linux. GNU. Freedom. Tue, 31 Oct 2017 18:00:46 +0000

By: s3hh on Fri, 11 Oct 2013 12:36:38 +0000 (https://pthree.org/2013/10/04/sufficient-paranoia/#comment-129809)
BTW, thanks for this post. Just as I need to read fitness magazines to get psyched about working out, I need occasional posts like this to remind me about the bits I've gotten lazy about. And there is always more than one of those...

By: s3hh on Fri, 11 Oct 2013 12:35:29 +0000 (https://pthree.org/2013/10/04/sufficient-paranoia/#comment-129808)
Sure, I originally described how to use the yubikey challenge-response mode for passphrases here: http://s3hh.wordpress.com/2011/10/28/personalizing-yubikeys-for-passphrase-management/

By: axel on Wed, 09 Oct 2013 08:35:22 +0000 (https://pthree.org/2013/10/04/sufficient-paranoia/#comment-129792)
For the “others left behind” problem, there are a few approaches.

Cory Doctorow has half of his private GPG key's passphrase with his wife and half with his parents' lawyer. In case of tragedy, they can combine both halves to get the key which presumably unlocks more things on his computer. (http://brian.carnell.com/articles/2009/cory-doctorow-on-real-world-key-escrow/)

I've been interested in trying SSSS out. (http://point-at-infinity.org/ssss/)
It lets you split a secret in as many parts as you want, with as many parts needed to reconstruct the secret as you see fit.
Leave an encrypted version of your key with a crazy passphrase to a trusted friend or two, split the passphrase, say, in 8, and require at least 4 people to be able to retrieve it.
Or do the same for your LUKS passphrase, which will let your nearest and dearest unlock your computer / backups and retrieve necessary info.

In that respect, do you use a password manager? You mention long and truly random passwords, I assume you don't remember them all by heart?

By: Aaron Toponce on Sun, 06 Oct 2013 15:07:09 +0000 (https://pthree.org/2013/10/04/sufficient-paranoia/#comment-129756)
I'm familiar with challenge-response, but not how to get it functioning. If you have any guides you can point me to, that would be great.

By: s3hh on Sat, 05 Oct 2013 15:41:28 +0000 (https://pthree.org/2013/10/04/sufficient-paranoia/#comment-129746)
It sounds like you're using the yubikey to print out a static passphrase. I assume you know this - and it may not work depending on the devices you need to use it with - but you can also use the yubikey in challenge-response mode so you input a secret password and get back a long string. That not only lets the string vary based on site (I realize you add a passphrase to it already), but makes a stolen yubikey less useful to the thief.

By: Anonymous on Sat, 05 Oct 2013 06:46:54 +0000 (https://pthree.org/2013/10/04/sufficient-paranoia/#comment-129743)
s/We don't know when/We don't know since when/
