undefined | Better HN

0 pointsdwedge11mo ago0 comments

The chance of someone breaking in to steal your sensitive files is next to nil I agree.

The chance of someone breaking into your house is sadly much more likely, and them choosing to take any computers they see is almost a certainty at that point.

Your drives are unencrypted. What's your next step if you come home tonight and find the house ransacked and the server gone?

0 comments

4 comments · 3 top-level

TacticalCoder11mo ago· 1 in thread

> Your drives are unencrypted. What's your next step if you come home tonight and find the house ransacked and the server gone?

My drives are encrypted and so are my backups (with backups everywhere). But they're symmetrically encrypted with a password. The backup procedure contains a step verifying that decryption works.

Family knows the password: password is stored at different places on laminated paper (friends and family) but not alongside the backups.

Decryption of the backups is one command at the CLI (both brother and wife knows how to use a CLI and soon the kid shall too: already dabbled with it).

The one command is explained alongside the password, on the same laminated paper as the backups.

Yup I did really think this out, including rehearsals where I, literally, fake my own death (I fake a heart attack) in front of my brother and wife and I have to shut the fuck up while they open a CLI, hook up one of the backup hard disk and decrypt the backups.

Once a year we rehearse.

That way they are confident they can restore the backups. I know they can and I don't need reassuring, but they do (well less and less because know they began realizing I really thought this out).

> The chance of someone breaking into your house is sadly much more likely, and them choosing to take any computers they see is almost a certainty at that point.

Got a house break in years ago, they stole no computers.

> What's your next step if you come home tonight and find the house ransacked and the server gone?

Go to the bank, take of one my backup hard drive. Buy a computer, reinstall Proxmox, a VM, Docker CE, redeploy my infra. They still don't have the Yubikeys on my keychain. They still don't have what's on my phone.

Don't think some people here didn't plan for death / theft / etc.

dwedgeOP11mo ago

Interesting reply, but I was responding to a poster who said they don't encrypt their disks because "someone stealing your physical disks to obtain your precious family data" is a useless threat scenario and so everything should be kept in the clear.

darkwater11mo ago

If someone physically steal your things, and those were the only copies, you are screwed anyway, encryption or not. If you had copies somewhere else then it's a different story (but still, they need to be easily accessible by your loved ones). In your scenario the only threat is that the thief is interested somehow in your data and will use it against you (which might be totally possible depending on the data and your exposure, but usually those things are re-sold in some kind of pawn shop).

Also, I still think that

  p(death) > p(burglar stealing disks)

fmajid11mo ago

It can be a side-effect. Francis Ford Coppola lost all his family photos when his PC was stolen in a burglary while in Argentina to shoot “Tetro”. Of course, he didn’t have backups.

j / k navigate · click thread line to collapse