1 |
On Sat, May 9, 2015 at 10:46 AM, Todd Goodman <tsg@×××××××××.net> wrote: |
2 |
> |
3 |
> As for keys, you could use Amazon's AWS Key Management Service. |
4 |
> Of course they could be sitting there gathering keys, but at some point |
5 |
> you either have to trust they'll do what they say or simply decide not |
6 |
> to use them at all (IMNHO.) |
7 |
|
8 |
That is really intended more for credentials used for hosted systems |
9 |
to communicate with other services/each other/etc. If you have to |
10 |
have your credentials in the cloud, then you might as well have a |
11 |
somewhat secure way to manage them. However, that is clearly inferior |
12 |
to not putting credentials in the cloud in the first place. |
13 |
|
14 |
> |
15 |
> You could also use AWS Key Management for backup data you want |
16 |
> "reasonably" secured and then your own keys for data you want more |
17 |
> highly secured (hopefully much smaller so the verify costs are more |
18 |
> reasonable.) |
19 |
> |
20 |
|
21 |
I just don't frequently verify my backups. I'm willing to trust |
22 |
Amazon to have my data when I ask for it. That is their entire |
23 |
business model with S3 and they're probably one of the stronger links |
24 |
in the data security chain. If I'm going to be paranoid about that, |
25 |
I'm going to probably have other things I'd prefer to improve first. |
26 |
|
27 |
I keep copies of my backup keys in a few places. My thread model is |
28 |
somebody hacking my account looking for personal data |
29 |
(finances/keys/whatever). If they hack into Amazon they won't have |
30 |
the necessary keys. If somebody manages to steal one of my keys in |
31 |
safekeeping elsewhere, they won't have access to any of the data |
32 |
encrypted using the key. If the NSA or whoever is going to access my |
33 |
Amazon data and also ask my bank to open my safe deposit box or |
34 |
whatever, then more power to them. I run a tor node, so they've |
35 |
probably rooted my box anyway. |
36 |
|
37 |
|
38 |
-- |
39 |
Rich |