Question for you #pkm commu:

I'm wondering How do you handle long-term storage of critical secrets? Especially curious about approaches that survive both digital and physical threats over decades.
What threat models am I missing for personal cold storage scenarios?

#cryptography #backup #security #shamir
8/8

5/8
🔓 Why we open-sourced it:
When your financial security depends on a tool, you can't trust it to any company's business model. Cryptographic tools for long-term storage need to be:

- Transparent (audit the math)
- Immortal (survive any vendor)
- Community-maintained

4/8
🎯 Use cases beyond crypto:

- Password manager master vault exports
- GPG/SSH keys you can't afford to lose
- Encrypted family photos/documents
- Any "nuclear option" secret that needs decades of survival

The key insight: some secrets are too important for single points of failure.

3/8
🛡️ The crypto nerd in me loves that this is provably secure:

- AES-256-GCM for file encryption
- Shamir's algorithm over GF(256)
- Each share is self-contained with recovery tools
- Air-gapped operation (Docker --network=none)
- No proprietary crypto, everything auditable

1/8
🔐 The solution we ended up building uses Shamir's Secret Sharing - the same math that Trezor uses internally, but applied to any secret you need to store long-term.

GitHub: https://github.com/katvio/fractum

Split your seed phrase into 5 pieces, need any 3 to recover. The beautiful part: 2 pieces reveal ZERO information. Information-theoretic security, not just "computationally hard."