Howto fix the problem: [LWN.net]

Howto fix the problem:

Posted Oct 15, 2009 10:14 UTC (Thu) by nix (subscriber, #2304)
In reply to: Howto fix the problem: by dlang
Parent article: Ubuntu to store copies of all users' address books

If the encryption key is relatively 'bare' (i.e. it's not made clear in the keyfile what service's data it's encrypting), just keep the encryption key on a USB key. Even if you drop it on a train, nobody who picks it up will have a clue what it's meant to decrypt.

(Now everyone else can tell me how stupid this idea is.)

(Log in to post comments)

Howto fix the problem:

Posted Oct 15, 2009 16:33 UTC (Thu) by drag (subscriber, #31333) [Link]

I save my important passwords on a LUKS-encrypted SD card. (it is small and
fits in my wallet and my laptops have SD support)

The LUKS password is relatively simple (plain english phrase), but it
should be enough to protect it if I drop it somewhere.

When you plug it into a Linux Gnome desktop automatically prompts you for
the password and opens up the folder for you. So it is very convenient.

I can't recommend this approach to normal folks because it only works if
you plug it in rarely. If you leave it plugged in all the time then it is
no better then having it in a folder.

But what is better (in terms of security) would be to print out keys into
ascii armor format or write down passwords to a hard copy. That way they
are impossible to hack! A person would have to physically break into my
house and search through my drawers and filing tower to find it.

Howto fix the problem:

Posted Oct 15, 2009 17:36 UTC (Thu) by dlang (✭ supporter ✭, #313) [Link]

and a flood or fire would destroy your printout as well as your computer.