On Sat, May 9, 2015 at 10:46 AM, Todd Goodman <t...@bonedaddy.net> wrote: > > As for keys, you could use Amazon's AWS Key Management Service. > Of course they could be sitting there gathering keys, but at some point > you either have to trust they'll do what they say or simply decide not > to use them at all (IMNHO.)
That is really intended more for credentials used for hosted systems to communicate with other services/each other/etc. If you have to have your credentials in the cloud, then you might as well have a somewhat secure way to manage them. However, that is clearly inferior to not putting credentials in the cloud in the first place. > > You could also use AWS Key Management for backup data you want > "reasonably" secured and then your own keys for data you want more > highly secured (hopefully much smaller so the verify costs are more > reasonable.) > I just don't frequently verify my backups. I'm willing to trust Amazon to have my data when I ask for it. That is their entire business model with S3 and they're probably one of the stronger links in the data security chain. If I'm going to be paranoid about that, I'm going to probably have other things I'd prefer to improve first. I keep copies of my backup keys in a few places. My thread model is somebody hacking my account looking for personal data (finances/keys/whatever). If they hack into Amazon they won't have the necessary keys. If somebody manages to steal one of my keys in safekeeping elsewhere, they won't have access to any of the data encrypted using the key. If the NSA or whoever is going to access my Amazon data and also ask my bank to open my safe deposit box or whatever, then more power to them. I run a tor node, so they've probably rooted my box anyway. -- Rich
