[Cryptography] Always keep a second browser installed and up to date.

Tom Mitchell mitch at niftyegg.com
Tue Dec 5 12:03:29 EST 2017


On Tue, Dec 5, 2017 at 1:00 AM, Alexandre Anzala-Yamajako <
anzalaya at gmail.com> wrote:

> While I think it is a good advice for browser I don't know that it is
> valid for keys. Key management is hard. There is no reason to keep 2 sets
> of keys if you manage them similarly. So basically while we already suck at
> handling one set of keys you're advocating handling 2 sets of keys
> separately. And then use the second set while it might have very well been
> compromised.
> Not a good advice IMHO
>

I agree that this is not perfect advice. I would backtrack to the
"Key management is hard" bit.
Key management is situational. Key loss is more difficult than key
compromise for most.
I have an 84 year old neighbor and I have advised her to put her email
passwords on paper in an easy to find place.
Her brother's cell phone is a recovery resource for her online accounts;
he also has power of attorney over most of her life.
Key management is situational.

Phones, that is also a tangle, they are used for more and more multi part
auth schemes.
What if her brother's phone is lost? His and her data is at risk.
A phone is a single device and a single battery that is always bouncing
off <10% when you need it most. Stolen phones have a market even if it is
to scrap and grab the screen for 3rd party repair.
I keep all my old phones and have Google, Microsoft and other
authenticators active on at least one of the old devices.

A business today needs to think very hard about personal devices that
unlock business secrets. As a minimum is there a sturdy locker for each
employee big enough to hold laptops, expensive stuff or sensitive bits
during lunch? How is a personal device's key set transferred back to the
company?

I now have chargers in my car for my phone and friends with different plugs.

I have been keeping a multitude of do I remember things on an encrypted
text file. I have been using blowfish2 for low value mumble foo stuff.
I like the handy way vim and its link view allow me to organize and access
random cruft that Password Safe (tm) is slightly difficult to work with.
I can email myself or scp the file to multiple devices as needed. Vim runs
on an iPhone and an older version of vim with only blowfish runs on Android.

-- 
  T o m    M i t c h e l l