public inbox for gentoo-user@lists.gentoo.org
From: Rich Freeman <rich0@gentoo.org>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Hard drive storage questions
Date: Sat, 9 May 2015 14:16:05 -0400
Message-ID: <CAGfcS_=u1OBYDur_-8Eoq+3qTgj2Jdn0GXBnXyi41tUT5wfR0Q@mail.gmail.com>
In-Reply-To: <20150509144620.GC25204@ns1.bonedaddy.net>

On Sat, May 9, 2015 at 10:46 AM, Todd Goodman <tsg@bonedaddy.net> wrote:
>
> As for keys, you could use Amazon's AWS Key Management Service.
> Of course they could be sitting there gathering keys, but at some point
> you either have to trust they'll do what they say or simply decide not
> to use them at all (IMNHO.)

That is really intended more for credentials used for hosted systems
to communicate with other services/each other/etc.  If you have to
have your credentials in the cloud, then you might as well have a
somewhat secure way to manage them.  However, that is clearly inferior
to not putting credentials in the cloud in the first place.

>
> You could also use AWS Key Management for backup data you want
> "reasonably" secured and then your own keys for data you want more
> highly secured (hopefully much smaller so the verify costs are more
> reasonable.)
>

I just don't frequently verify my backups.  I'm willing to trust
Amazon to have my data when I ask for it.  That is their entire
business model with S3 and they're probably one of the stronger links
in the data security chain.  If I'm going to be paranoid about that,
I'm going to probably have other things I'd prefer to improve first.

I keep copies of my backup keys in a few places.  My threat model is
somebody hacking my account looking for personal data
(finances/keys/whatever).  If they hack into Amazon they won't have
the necessary keys.  If somebody manages to steal one of my keys in
safekeeping elsewhere, they won't have access to any of the data
encrypted using the key.  If the NSA or whoever is going to access my
Amazon data and also ask my bank to open my safe deposit box or
whatever, then more power to them.  I run a tor node, so they've
probably rooted my box anyway.


-- 
Rich

