
Protecting Secrets from Computers (2023)

63 points | antlai | 2 years ago | dl.acm.org | reply

25 comments

[+] hairyplanner|2 years ago|reply
My biggest challenge as I’m getting older is remembering my long secret key.

Even with a password manager that requires me to remember only a few passphrases (personal and work being two), there is a non-zero chance now that a fall and a concussion would lock me out of my password manager.

Anyone else have a solution or a suggestion for this problem?

[+] Loic|2 years ago|reply
My wife has my passphrases in her password manager and I have her passphrase in my password manager.

This is maybe not the most secure way to do it, but this is good enough for our threat model.

These are offline password managers.

[+] Vecr|2 years ago|reply
Wear a helmet and hip pads, but failing that, split the password in half (as in literally the first half and the second half, don't try to get fancy with crypto) and give the halves to two people unlikely to collude. Your computer will no longer have 5th Amendment protection, though.

[+] pclmulqdq|2 years ago|reply
Shamir's secret sharing with 3 separate lawyers is kind of hard to beat if you have cryptocurrency or other similar assets that absolutely need a password to recover them, and it is a relatively easy algorithm to run. Give them the same instruction sheet on how to run the algorithm, plus a different second page with their fragment of the key.

Most of the time, though, the "call us" approach actually works, and you can give your relatives power of attorney to handle this.

[+] JackSlateur|2 years ago|reply
Use the good old Post-it method.

Remember Poe: what's hidden in plain sight is never found (and nobody is looking anyway).

[+] sirsuki|2 years ago|reply
Yes. Place the secrets in a secured (symmetrically encrypted) document. Then print the password for that document and hand it to a loved one, trusted family member/friend, or lawyer.

[+] 127361|2 years ago|reply
What about reducing our usage of the Internet and using local resources instead? Personally I have local mirrors of various code repositories, and thousands of ebooks. If you want to nearly eliminate all surveillance, then you can air-gap your computer?

So we shift back from the collective (networked) systems to a more individualistic local information store? We already have local AI models, which is a step in the right direction.

[+] Clamchop|2 years ago|reply
Still reading but this is an interesting position to juxtapose with the repeated axiom that thou shalt not roll thine own crypto.

Instead, the claim here is that you cannot trust crypto that you didn't roll yourself. Indeed, maybe you should compute it by hand!

Ha! I love having my beliefs challenged.

Completely impractical but very fun.

[+] chaxor|2 years ago|reply
Only keep your passwords in your head. That way only one person can know them - you. And then, you can forget them, and now no one knows them.

As we are continually told, and as is pushed upon us by IT - this is the most secure system to have.

The one that no one can use.

[+] Logans_Run|2 years ago|reply
* Pricing

Pricing and access depends on your membership or subscriptions with ACM. Purchase this Article: Protecting Secrets from Computers, Terence Kelly

    Purchase Article
    Non Member $15.00
    ACM Professional Member $10.00
    ACM Student Member $5.00

    Already an ACM Member? Sign In or become a member

Available at DeepDyve

The Largest Online Rental Service for Scholarly Research

Price: $0.00 *

I.A. or similar link kindly requested please. TYIA