1. 13

G’day, fellow lobsterinos!

I need a new scheme for getting my passwords back in the unlikely event all my gadgets die (or are separated from me) at once. I was thinking an easy backup plan would be a cheap computer, some decryption software and a protected archive on it stashed somewhere with friends/family away from the rest of my stuff.

I thought about an RPI or similar, but I want something self-contained, and nothing too fiddly - it is after all just for an emergency.

So, I’m looking for something as cheap as possible which has the following qualities:

  • Cheap
  • Charges from USB-C, so the odds of finding a power supply 10 years from now are high
  • Removable battery, so I can store it without the battery physically inside (in case of swelling), as well as buy a backup battery
  • (Ideally) Removable SSD so I can replace it in a few years to extend the lifespan of the machine
  • Performance and storage aren’t important, I won’t be using it for regular computing - neither is physical usability so I don’t care if the screen, keyboard and trackpad suck, so long as they’re likely to still work after sitting in a cupboard for 10 years.

  2. 19

    This seems very finicky. If you want something really reliable I would consider options that don’t rely on electronics booting up.

    Some ideas:

    • Stamped metal (there are punch kits available on Amazon for <$50)
    • Paper (human readable or machine encoded)
    • DNS (Namecheap lets you set up auto-renew and store a few hundred dollars in a balance. Drop in some encrypted TXT records and 10 years is very realistic)
    • Optic disc (Blu-ray or M-Disc)

    Any of these options can be recovered from any device you have in 10 years. Also, if you’re asking a friend to store this for you, they’ll definitely prefer a slim envelope over a laptop.

    1. 4

      Yeah - agree this is overthinking it.

      If you don’t want to feed your passwords through a possibly-compromised printer, spend 30 minutes with a piece of acid-free artist’s paper and write them all down. Do it twice. Lock one of them in a safe in your house, and one in a safe at a trusted person’s house.

      With the right forensic techniques, that will still be recoverable even if it has burned or several thousand years have passed (but probably not both).

      1. 3

        Safety Deposit Boxes run ~30-60$/year depending on where you look and how big. Better option than a home safe, IMO, since those are really not much more than deterrents from a would-be attacker.

        That said, if you aren’t storing the launch codes, probably a home safe is fine. For sensitive documents like this though, a deposit box at a good sized bank gets you active security, monitoring, and relatively easy access if you ever need it.

        1. 4
          1. 3

            I think this is a case where you are both right. Safe deposit boxes are clearly not secure for valuables. But the threat model here is probably not a dedicated attacker trying to steal your password - unless you are indeed that special ;)

            When I had an apartment broken into years ago, I lost personal electronics, a jar of coins, and the personal safe I’d just purchased earlier that week to store passports and what not. It was (luckily) empty but locked, so it presented an appealing target for a thief hoping something good was inside. That inadvertent loss of your passwords would be a risk with a personal safe.

            Safe deposit boxes have another property you may consider an advantage in this case: they can be opened by the executor of your estate. Mine has (among other things) a written copy of my master password to my password manager. I was sure to include it knowing my personal files will be accessible in the event of my death.

            1. 3

              (I’m going to reply to you, but it’s really a reply to both you and njha)

              Exactly. There’s a big difference between storing watches in an SDB vs a couple bits of paper. That said, the real security principle here is that you should never have a single-point-of-failure. If you only store your stuff in a single way, then you are at risk of exactly the situation the article shows. What the article doesn’t show, or in fact shows the opposite of, is that SDBs are resilient to theft:

              Of the 19,000 bank robberies reported to the F.B.I. in the last five years, only 44 involved safe-deposit heists.

              It’s certainly not zero, but again – in our model we’re storing a couple bits of paper which are meaningless out of context. Depending on how paranoid you are you might have multiple boxes with a n-k style recoverable password (i.e., you have n boxes of which you must recover at least k to get any meaningful information from them), further insulating you from the problems presented in the article.

              I guess my point is just to re-iterate yours: SDBs are not for valuables, there are other services for that that offer insurance and higher liability assumption at accordingly higher cost, but for a slip of paper with (maybe part of) a password on it? An SDB is great for that.

      2. 2

        I agree, if USB-C and an SSD are preferences/requirements, then there is no point in having the laptop. An SSD with a USB case would suffice.

        Metal stamp is another cool option. And has the bonus of being fun. A few years ago, I bought army dog tags and a metal stamping kit and saved my Bitcoin seeds in hex format. Although I have since sold the coins, I kept the tags for nostalgia. It did give me peace of mind at the time.

        1. 1

          None of these are even remotely similar to what I was asking about, or solve the problem.

          1. 2

            I need a new scheme for getting my passwords back in the unlikely event all my gadgets die

            I’m confused. Everything I suggested solves this problem. That seemed to be what you were asking about. What is the actual problem you’re trying to solve?

            1. 1

              Finding the right kind of shitty laptop is the problem I’m trying to solve. The motivation for that was included just to explain why I don’t care about performance, why I do care about power interoperability, and why I want a complete laptop rather than some slapdash taped-together RPi solution. I don’t need 10 people telling me to “put a disk drive and/or letter in the cupboard” which is an obvious suggestion that I don’t think fits my needs, otherwise I wouldn’t be here hoping to find somebody who’s stumbled on a laptop that fits what I’m asking.

              I tried looking online for something based on keywords and google, but “cheap laptops” isn’t exactly a spam-free subject area, so I came here looking for recommendations.

              1. 2

                Finding the right kind of shitty laptop is the problem I’m trying to solve

                I need a new scheme for getting my passwords back in the unlikely event all my gadgets die

                We are answering the question you asked. Frankly, rather than being a dick, you should look at some of the suggestions and consider them: storing a backup laptop under your bed for 10 years in the unlikely event you’ll need it is a hell of a lot riskier than trying some of the good ideas here.

                But what the heck, you want a shitty laptop? Today is Cyber Monday in the USA. Shitty laptops are a dime a dozen. Get one and hope it works, I guess!

                1. 2

                  I’ll add that the failure rate keeps increasing as hardware gets newer. The storage might not last 10 years. If it boots at all, it could have bit errors that corrupt the passwords.

        2. 6

          If it ends up being on a computer, please put it on a spinning HDD, not an SSD. SSDs start to degrade after being powered off for a while because the electricity in it slowly dies.

          I wouldn’t recommend SSDs because they degrade slowly if they aren’t connected to power.

          1. 0

            I wasn’t aware of that, cheers. Also, thanks for actually contributing to what I was asking, rather than scolding me and telling me about some ridiculous DIY Rube Goldberg solution that is completely untenable, or simply “having my lawyer or my banker store it for me” along with my spare monocles.

          2. 5

            Export your password vault to a PDF or plain text, print it, put it in a sealed envelope (which shows proof of breakage when opened) and put it with your will/testament at your lawyer.

            If you don’t trust that, put a few honeypots in there that will notify you when used.

            1. 4

              What about a bible/book cipher?

              Cheap - cost of a bible and time to set it up

              Charges from x - is “powered” as long as you have a light source

              Can be stored separate from power source (e.g. A safe)

              Lifespan extension - can be photocopied or re-written to a new medium if the old one is degrading

              Physical usability, screen, keyboard and track pad all absent; storage, low capacity; performance, slow

              1. 1

                Could you elaborate on how this works? Is this where you make a secret compartment in a thicc book?

                1. 4

                  https://manansingh.github.io/Cryptolab-Offline/c7-book-cipher.html - to get an idea

                  Book cipher is about recording a code that corresponds to word or letter offsets within a particular book. The amount of offset and book can be easily accessible, but the starting position within the book is the secret.

              2. 4

                Do you really need a whole computer for that threat model? It sounds like you’re preparing for multiple contingencies at once. If you intend to use your carefully backed-up passwords would you rely on the decade-old laptop running EOL software and expired root certificates, or would you borrow or purchase a new machine that you trust?

                Assuming you have a machine, why not invest in maybe a handful of USB flash drives, perhaps the fancy ones that have both USB-A or USB-C, format them FAT32 so they can be read by anything, then store your choice of encrypted archive on that? It’s cheap and you get lots of physical redundancy by having multiple drives.

                1. 3

                  I have my passwords, encrypted, in a git repo synced to all the devices I use, plus my VPS (located in another country). I have a few thumb drives around (car glovebox, locker at work, bedside drawer) that also have the repo and the private key. I’ve given the password for the private key to my wife and to a friend, who have it in their password managers.

                  That covers me for every scenario I care about.

                  1. 3

                    What makes you think USB-C will be around for 10 years? ;)

                    1. 1

                      Compared to some proprietary charger used for one model of cheap laptop? I’d take any odds you like on that.

                    2. 3

                      Charges from USB-C, so the odds of finding a power supply 10 years from now are high

                      It is much more reliable to have two pins/screws with a label which one is positive, which one is negative, required voltage (e.g. 5 V) and amperage (e.g. 2 A). Connectors change all the time and complex protocols for negotiating power parameters are not reliable in the long term. On the other hand, you can expect that getting 5 or 12 V DC would be always possible and wires, pliers and screwdrivers will always work. Rednecks will survive :-)

                      1. 1

                        This. If you want future resiliency, look to the past for things that still exist, not the present for things that should exist.

                      2. 2

                        Print it and put them in a safe or bank deposit.

                        1. 2

                          I do not recommend this, because if you get in trouble with your government*, this will be one of the first things they will seize.

                          *) you may stay the same, but the government may change

                        2. 2

                          Pinebook. It “charges from USB-C” if you count charging from USB-A and having an adapter, which I do. It has a user-replaceable battery, and user-replaceable eMMC or microSD storage.

                          1. 1

                            A recent post comes to mind. Not a quick and practical solution, but an enjoyable DIY project.

                            https://lobste.rs/s/zx5q47/off_grid_cyberdeck_raspberry_pi_recovery

                            1. 1

                              Buy a MicroSD card with a USB adapter (e.g. https://www.amazon.com/Kingston-Multi-Kit-Mobility-MBLY10G2-16GB/dp/B004UG41YQ/ref=sr_1_5). Format it FAT32 or ext2, I think both will be around for quite a while. Put the secrets there in a UTF-8 text file encoded (and optionally signed) with gpg. Put gpg binaries and source code there as well. (Other comments hint that flash based devices bitrot over time. Seems plausible.)

                              Simple. Can be hidden anywhere. Secure. Cheap. Uses simple technology that will most likely be with us in a decade.

                              You can add a Raspberry Pi (and power adapter, and keyboard, and mouse, and HDMI cable, a display) if you like. Instead of that I’d buy a cheap used ThinkPad and fire up OpenBSD/Linux on that with full disk encryption with some fancy secure password, and stash it at the relatives. Older ones can be had for 100€s, and it will run a very simple, oldschool, but fully fledged computing environment (very slowly).

                              1. 4

                                Flash memory that isn’t powered/read/written bitrots fast; you’ll have to refresh it every 6 months to be confident it still works. Might want to do that anyways (to put new passwords in).

                                1. 1

                                  This is bad news for me, as I was just about to do what I outlined, until I read about the limited durability of flash storage here, and did some research. You can learn a new thing any day! Thanks!