Here's the nightmare scenario for anyone who uses a password manager, 2FA, and other modern online security tools.

https://shkspr.mobi/blog/2022/06/ive-locked-myself-out-of-my-digital-life/

I've locked myself out of my digital life

Imagine… Last night, lightning struck our house and burned it down. I escaped wearing only my nightclothes. In an instant, everything was vaporised. Laptop? Cinders. Phone? Ashes. Home server? A smouldering wreck. Yubikey? A charred chunk of gristle. This presents something of a problem. In order to recover my digital life, I need to be able to log in to things. This means I need to know my u…

Terence Eden’s Blog

@Edent

Hmm, this has got me considering—if I locked a copy of my password vault in an encrypted tomb (https://dyne.org/tomb/), I could then spread copies of that tomb around to various places I could get access back (with a memorized password or something), then put a copy of the keyfile on a USB drive given to a friend (or multiple friends). That way I don't have to get access to the friend's USB whenever I update or add a password, I just update the tomb. The friend also wouldn't have access to the tomb, just the key.

Probably not foolproof, but feels like it addresses a number of points on the threat model?

Tomb | Tomb: The Linux Crypto Undertaker

Tomb is a minimalistic command line tool based on Linux dm-crypt and LUKS, trusted by hackers since 2007.

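An added example, not part of the thread and not Tomb's own code: a shell check for the layout proposed in the post above. It flags any location where the tomb and its key sit together, and any tomb copy that has drifted from the freshest one. The file names `vault.tomb` and `vault.tomb.key`, the function names and the sample directories are assumptions.

```shell
# Added example: audits the backup layout described in the post above.
# Assumed file names (not from the thread): vault.tomb, vault.tomb.key.
# The pair itself would come from Tomb's own commands, e.g.:
#   tomb dig -s 100 vault.tomb && tomb forge vault.tomb.key
#   tomb lock vault.tomb -k vault.tomb.key

# audit_layout FRESHEST_DIR [OTHER_DIR...]
# Prints one finding per line and succeeds only when there are none:
#   COLOCATED <dir>  tomb and key sit together, so the separation is lost
#   STALE <dir>      tomb copy differs from the one in FRESHEST_DIR
#   NOKEY            no location holds a key copy, so nothing can be opened
audit_layout() (
    ref="" keys=0 status=0
    for dir in "$@"; do
        tomb="$dir/vault.tomb" key="$dir/vault.tomb.key"
        [ -f "$key" ] && keys=$((keys + 1))
        [ -f "$tomb" ] || continue
        if [ -f "$key" ]; then
            echo "COLOCATED $dir"; status=1
        fi
        if [ -z "$ref" ]; then
            ref="$tomb"                      # first tomb seen is the reference
        elif ! cmp -s "$ref" "$tomb"; then
            echo "STALE $dir"; status=1
        fi
    done
    if [ "$keys" -eq 0 ]; then echo "NOKEY"; status=1; fi
    [ "$status" -eq 0 ]
)

# Constructed sample layout; prints the temporary root directory.
make_sample_layout() {
    root=$(mktemp -d)
    mkdir "$root/laptop" "$root/cloud" "$root/friend_usb" "$root/old_disk"
    printf 'vault-rev2' > "$root/laptop/vault.tomb"
    printf 'vault-rev2' > "$root/cloud/vault.tomb"
    printf 'keyfile'    > "$root/friend_usb/vault.tomb.key"
    printf 'vault-rev1' > "$root/old_disk/vault.tomb"     # never refreshed
    printf 'keyfile'    > "$root/old_disk/vault.tomb.key" # key left beside it
    echo "$root"
}

r=$(make_sample_layout)
audit_layout "$r/laptop" "$r/cloud" "$r/friend_usb" "$r/old_disk" || true
rm -rf "$r"
```
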
@amin
Doesn't KeePass encrypt the database by default?
You could do that, and put it in a directory which you sync via Syncthing with a bunch of people whom you trust and can reach IRL who have all done the same thing and put their password database inside it.
If you lose your database, just get it from one of your friends.
@Edent

@light @Edent

I mean, yeah, the databases are encrypted. Tombs feel like an easy way to separate the key from the encryption, but I guess it's not totally necessary.