freedomofpress
Document how to protect shards over time
Feature Request
Description
In practice, splitting a secret into multiple shards will require safe storage of each shard. Some possibilities for technical storage:
- cold storage in airgapped Tails persistence volume
- LUKS-encrypted non-tails USB stick
- GPG-encrypted in unencrypted USB stick
- GPG-encrypted within an encrypted USB stick (plain old LUKS or Tails persistence)
Additionally, physical storage requirements should be considered, to avoid loss of shards due to misplacing. Some possibilities for physical storage:
- safe in a secure room at organization
- safe at home
- on keyring, kept on-person
All options come with caveats. We should at least list out some of the options, and preferably recommend generalized solutions for most use cases.
User Stories
As a user with a secret to protect, I want to make sure that distributing trust is not reducing the likelihood I can recover the secret after a long time has passed. Recommend a safe solution for my use case.
As a technical admin advising users on Sunder, I want to reference documentation to make the right choice for the use case I'm faced with.
I want to take this up, although I am no expert (far from it) on the subject. I will definitely do my research and call for a review from the team when I'm done. Does that sound good?
@abhn Sure, more research here would be great! Feel free to report back on your research into this ticket, to ping others for discussion, prior to opening a PR. As is typical with security tools, the challenge here is to balance usability against operational procedures that would thwart a potential attacker.
@conorsch hey hi!
I've made a small gist (https://gist.github.com/abhn/f9ae973091e7cbea018c25edd79087f2) with techniques for sharing shards, along with one-liner instruction on how to go about doing it and a brief use case. Would appreciate some feedback on this.
Thanks!