I’m curious to know how people manage their different encrypted storage here. And I’m talking about the case where you really need to manage SEVERAL encrypted storages/files.

What software do you use? Where do you save your passwords (password manager/paper/other) or do you use physical keys?

In short, what’s the best combination you’ve found or recommend to cover as many attack surfaces as possible: remote, local, physical, etc.?

  • Helix 🧬@feddit.de
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    Nice try, FBI.

    I usually use LUKS2 and a password manager with a keyfile (on the LUKS encrypted partition). The passwords for them are in my head.

    Remote LUKS systems are set up with dropbear in the initramfs so I can enter passwords without being present or having access to IPMI. After a few tries the system nukes the LUKS header and I have to manually recover it from backup.

    I also have an emergency password DB without a keyfile, where the password is the beginning of a chapter of a readily available book. I won’t tell you which book or which chapter though 😃