When you print important crypto stuff (private keys) make sure you use a proper font and don't leave traces on your printer's hard drive and your computer's hard drive

When printing your keys make sure you use a proper font (that don't have similar characters - like "I" and "l", zero and big O).

Also don't trust your printer - some printers have hard drives. And copy of all printed documents is saved on your hard drive (and then "erased" but it still revocable using "undelete" programs) - even in Linux.

You can use this trick to prevent copies of printed pages to be written on the computer's hard drive (this is NOT applicable for printer's hard drive): 

mount -t tmpfs -o size=1G tmpfs /var/spool/cups
chmod 0710 /var/spool/cups
chown root:lp /var/spool/cups
mkdir /var/spool/cups/tmp
chmod 1770 /var/spool/cups/tmp
chown root:lp /var/spool/cups/tmp

Also you need encrypted home folder (/home/yourusername) to be safe and use tmpfs for writing the secrets before encryption.

The default installation of Linux distros like Ubuntu is not very secure if you don't know what you are doing.

For example, if you write a file "secret.txt" on your non-encrypted hard drive partition, it stays there for a long time (maybe years) even if you "delete" it.

It can be recovered by the thieves if they stole your hard drive or install malware on your computer.

Also, your swap file must be encrypted if you want to keep your private keys for yourself.

You can use tmpfs to write your secrets before encryption (if you don't have swap file or your swap file is encrypted): 

$ mkdir /home/yourusername/tmpfs
$ sudo mount -t tmpfs -o size=2G tmpfs /home/yourusername/tmpfs

It's always beneficial to invest in learning about computer security.

Do not use (only) flash memory (SSD drives, hardware wallets, USB flash drives) for your precious private keys!

Archiving private keys - TLDR version

Comments

Post a Comment

Popular posts from this blog

Do not use (only) flash memory (SSD drives, hardware wallets, USB flash drives) for your precious private keys!

Image
Flash memory is not a reliable medium for archives. Especially when there is no regular power. I have personal experience with usb flash drive not powered for weeks - one file became corrupted . (Read more here: Archiving private keys - TLDR version. ) You should always back up on paper and other mediums. Flash memory is prone to failure if it is not powered for weeks or more and if there are ionizing radiation When you write your precious private keys you should use technologies like Parchive and ZFS . And make several copies of your files. It's OK if you use your USB flash drive for another backup, but don't rely on it! Always back up on DVDs (even small files!), paper and online (after encryption with CPU and RAM intensive key derivative function like scrypt). Here is example of using the scrypt utility: $ sudo apt-get install scrypt $ scrypt enc -M 1073741824 -t 200 secret.txt encrypted.scrypt Do not use default values of "-M" and "-t", they
Read more

Archiving private keys - TLDR version

0. Make multiple encrypted copies. On DVDs (they are better than CDs and Blu-Ray discs; DVD+R are better than DVD-R), paper, cloud services like DropBox, OneDrive, Google Drive, e-mail it to yourself and to your friends, use P2P storage services like MaidSafe, Storj and Sia , etc. 1. Use proper font when printing PGP encrypted keys on paper. 2. Flash memory (SSD, USB flash drives, hardware wallets) is less reliable when not powered regularly (i.e. every week). 3. Use error correction methods like Parchive and ZFS. 4. Print on paper or store on digital media only encrypted data. 5. Your encryption software should use CPU/RAM-intensive KDF (i.e. scrypt with secure options - do not use defaults! ). First, encrypt with scrypt and then encrypt it again with PGP (using different password!) in ASCII armor mode before print it (other methods like QR codes may not be reliable as multiple copies of the PGP ASCII armor). Do not use the same password for the PGP because it's easy to brute
Read more

[fixed] "Evolution is currently offline due to a network outage."

Evolution is currently offline due to a network outage. Evolution will return to online mode once a network connection is established. If you have this error when updating your system (for example, from Ubuntu 14 to Ubuntu 16), the solution is to run Evolution with this command: evolution --force-online That is usually related to a combination of evolution, dbus, and NetworkManager. With all three installed the idea was that NM would say whether it had a working network or not over dbus. Tools like evolution would ask on dbus about the state of the network and switch to online or offline as networks were hotplugged. This breaks down when the network isn't managed by NM but NM is still running. Such as when /etc/network/interfaces is configured to use ifupdown instead. If NM is running then it won't have any networks under its control and it fails to recognize that the system does actually have a network running outside of its control. It will respond to evolution
Read more

"The Uncensored Hidden Wiki" fake replica!

Image
I found out that there is a fake version of "The Uncensored Hidden Wiki". On the fake version some links are changed with fake websites. I suppose they are trying to steal your login credentials. I compared the "Financial services" pages on both wikis and found out that they changed the URL of the "Hidden Answers". However, the fake replica of "Hidden Answers" don't work at the moment.   Genuine (supposedly): http://gxamjbnu7uknahng.*****/wiki/index.php/Financial_Services Fake: http://uhwiki36pbooodfj.*****/wiki/index.php/Financial_Services   Please note that I do not guarantee which of the above URLs is "genuine" and don't assume that any of them are "safe". Maybe both of them are "fake", I don't know. Here are some examples of differences: Screenshots are from Meld . Visit "The Uncensored Hidden Wiki" or any other *.onion website at your own risk. I do not endorse and do not reco
Read more
[ad removed]