20 Jul
2014
20 Jul
'14
1:38 p.m.
On Sun, Jul 20, 2014 at 02:31:40PM +0100, Adam Spiers wrote:
On Sun, Jul 20, 2014 at 02:17:10PM +0100, Iain R.
Learmonth wrote:
With a few minutes more consideration, it occurs to me that the
mechanism for sharing the encrypted file would need to be made a
little more resilient than "stick it on a webserver". For example any
number of things could go wrong with the webserver, and if the
deceased was the only one with access to the information required to
recover data from it (hosting account details, root password etc.)
then the information could become unrecoverable. However,
distributing it to multiple places with disparate geographical
locations and access methods should take care of that.
On Sun, Jul 20, 2014 at 02:03:20PM +0100, Adam
Spiers wrote:
Awesome answer, thanks! Exactly the kind of thing I was looking for -
I knew this list would produce something good :) How do you ensure that your online data is
handled correctly if you die?
Encrypt a text file containing all passwords and instructions using GPG
symmetric encryption with the key derived from a passphrase. This encrypted
file can be left on a webserver safely.
Encode the passphrase using ssss[1] and then share the parts around people
you trust. Instruct these people to never all travel in the same car
together.
When you die, one of them has to be technically competent enough to
reconstruct the original passphrase from the parts and then decrypt the
instructions and the passphrase.
The nice thing about this method is that you can keep updating the encrypted
file without needing to contact all the people every time.
Iain.
[1]: http://point-at-infinity.org/ssss/