“For storing rarely used secrets that should not be kept on a networked computer, it is convenient to print them on paper. “
I archive them on paper. I don’t print them, though. I trust the printers less than my computer. They might get compromised or just keep/leak stuff that was supposed to be temporary. Writing them down is a pain but I don’t have to do it often.
You could use Shamir’s Secret Sharing to distribute the secret into n shares useless without the others, and print them on n different printers on different networks..
On second thought, perhaps pen and paper aren’t too bad an option XD
That sounds risky and painful. Maybe a QR code on screen and a polaroid would be easier?
A polaroid doesn’t seem like a bad idea.. especially if it’s kept out of light it should last quite a few years without fading (I think?).
I have some from my childhood, they’ve been kept in the dark but are quite good still. And I imagine there’s better paper options than what my broke-ass parents could afford in 1984 Australia. - Also, doesn’t have to be a literal Polaroid, just any archival film you develop at home. Home-developing would be more work than hand-writing, but less error-prone.
I understand the reasoning behind not sending sensitive information to a printer, since they’re proprietary black boxes, but it seems like there’s got to be a better way to preserve hard copies of keys than hand-writing or developing your own film.
I currently use 2 USB flash drives, but I expect those to fail at some point. Even optical media degrades over time (and I don’t even own a way to read optical media any more..).
A few years ago I cooked up a scheme to allow me to reboot into a working dropbox+1password setup in the unlikely event all my devices are destroyed at once, so long as I still have my wallet.
Unfortunately, it involved a QR code I printed and sent to my mum, who took a photo of it recently in order to text and ask me if it was OK to throw said letter out. So now I need to destroy the archive, as well as the other part of the key that I’ve got stashed somewhere else and start the whole thing again. So any suggestions from the crowd I wanna hear ’em :)
I never thought about a Polaroid for passwords! Brilliant idea! Thanks!
The funny part about that miss is that I often, half-serious/half-joking, told it to young women who were into sending risky pics over text that might get shared or put on Internet. I told them knock it off entirely. Obviously, most will rebel. Then, I told them they should make dude do it with Polaroids whose pics they keep. If he wants to look at them, he can do it when he’s with them. Alternatively, digital ones without WiFi or anything with same rule. Most of them liked that idea. I doubt most put it into practice, though. (sighs)
That sounds brutal, and error prone. Good point about printing though.
I used BASE64 with 64-characters… less if site/app has lower max… with any similar-looking characters written in different style. I also spell out what they are under them. I also space it out in 4-6 character groups. Double and triple check it.
So, I don’t get errors. It does make it more brutal than you probably thought.