Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
software:files [2018/01/10 18:22]
cyril [Data recovery]
software:files [2022/12/24 00:07] (current)
cyril [Digital Will]
Line 10: Line 10:
   * do a full mirror backup of the data partition regularly (eg with rsync or a deduplicate software such as Attic) on an external hard drive or a network drive. Try to keep at least one copy somewhere else from your home (network drive, or one at home and one at work).   * do a full mirror backup of the data partition regularly (eg with rsync or a deduplicate software such as Attic) on an external hard drive or a network drive. Try to keep at least one copy somewhere else from your home (network drive, or one at home and one at work).
   * take precautions to put the odds on your side in case of problem: make copies of your disks MBR (output of command p of fdisk), of your encrypted partitions headers, etc.   * take precautions to put the odds on your side in case of problem: make copies of your disks MBR (output of command p of fdisk), of your encrypted partitions headers, etc.
 +
 +===== Digital Will =====
 +
 +The goal is threefold:
 +  * No one non-authorized can ever access to your data
 +  * The trusted persons can only access to your data in some conditions (deceased, coma, ...)
 +  * You are alerted when your data is accessed by the trusted persons (in case the access was not legitimate)
 +
 +Different approaches:
 +  - A service that gives your data to designated persons when they provide a death certificate for you (Wishbook, ...)
 +    * Cons: sending a fake document, does not work for coma, service needs to remain available, price, incomplete control.
 +    * Variants: store it directly in a vault at the bank, or at the notary.
 +  - A service that regularly checks that you are alive by requesting a connection with your private credentials (period can be adapted to the situations), and gives your data when you fail to do it, after warning emails (can be self-hosted).
 +    * Cons: there will be some delay between when you stop pinging and when your data becomes available, service needs to remain available, and if you host it yourself there is still a risk that your server crashes at the wrong time.
 +  - A service that waits for a request to reveal your data with a personal password, sends you one or several emails to warn you that this request has been made, and in the absence of opposition from you in some delay (that can be adapted to the situation) sends your data (can be self-hosted).
 +    * Cons: there will be some delay between when you stop pinging and when your data becomes available, service needs to remain available, or if you host it yourself there is still a risk that your server crashes at the wrong time (but if the service is associated to your password manager for instance, then the availability is not a problem anymore...)
 +  - Split the secret between several people (cf [[https://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing|Shamir's secret]], implemented for instance in [[http://point-at-infinity.org/ssss/|ssss]] or [[https://github.com/jcushman/libgfshare|libgfshare]]), so that X out of Y need to agree to obtain your data.
 +    * Cons: people need to remain accessible (and not loose the information), compromise between robustness and risk of conspiracy, what data can each person access
 +  - Store your key on a piece of opaque paper (eg visit card), with you (eg in your smartphone), wrapped in a unique piece of paper (eg journal paper) that is glued. The goal is that it is impossible to read the key (eg through light) without removing the wrapping paper, impossible to remove it without tearing it apart, impossible to replace it without you noticing quickly. This base key then has to be derived a large number of times, so that it takes several days with a classical computer to derive the final key, which the designated persons then can use to decrypt their personal message. In case of unauthorized attempt, you can change the password. A better solution could be to use a proper TLP (Time Lock Problem) / TLE (Time Lock Encryption) / VDF (Verifiable Delay Function) / Delayed encryption, which would have the big advantage of fast generation, but it doesn't seem to exist standard implementations, even of seminal Rivest & Shamir proposal.
 +    * Cons: need to actively monitor the integrity of your artifact, doesn't work if you have an accident that destroys the artifact, need to revoke the information in case of unauthorized attempt (thus only revokable information is protected, such as passwords protecting data for which it is impossible to make an unauthorized copy beforehand), need to revoke the information in case of upgrade of the derivation scheme in order to follow hardware improvements.
 +    * Variant: it seems that it is possible to make "paint to scratch" with dishwashing soap and gouache, thus it can be an alternate way to hide while allowing to detect unauthorized access. Even if there is a tentative of reconstructing the paint layer, if a complex color mix was chosen, with approximate random borders, and even random color gradients, it would be very difficult to replicate accurately enough so that it goes unnoticed (especially if the color changes while drying).
 +
 +Different methods could be combined, for instance 2 or 3 plus 4. But 3 managed by the password manager is probably unbeatable.
 +
 +Ideally, for increased safety, the data to be obtained is always encrypted with a key that the designated persons possess.
 +
 +What to transmit?
 +  * Passwords (master password of your password manager, computer, encrypted data partitions, phone, ...)
 +  * Instructions about what data you have
 +
 +Notes:
 +  * Different levels of amount of information for your spouse, children, other family, friends?
 +  * How to transmit data (such as pictures) to a child? Probably has to go through a tutor.
 +
 +
 +
  
 ===== File Systems ===== ===== File Systems =====
software/files.1515608547.txt.gz ยท Last modified: 2018/01/10 18:22 by cyril
CC Attribution-Share Alike 4.0 International
Driven by DokuWiki Recent changes RSS feed Valid CSS Valid XHTML 1.0