I’m curious to know how people manage their different encrypted storage here. And I’m talking about the case where you really need to manage SEVERAL encrypted storages/files.
What software do you use? Where do you save your passwords (password manager/paper/other) or do you use physical keys?
In short, what’s the best combination you’ve found or recommend to cover as many attack surfaces as possible: remote, local, physical, etc.?
Nice try, FBI.
I usually use LUKS2 and a password manager with a keyfile (on the LUKS encrypted partition). The passwords for them are in my head.
Remote LUKS systems are set up with dropbear in the initramfs so I can enter passwords without being present or having access to IPMI. After a few tries the system nukes the LUKS header and I have to manually recover it from backup.
I also have an emergency password DB without a keyfile, where the password is the beginning of a chapter of a readily available book. I won’t tell you which book or which chapter though 😃
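Added example, not part of any post in this thread: since the remote setup above depends on restoring the LUKS header from backup, this Python sketch checks that a LUKS2 header backup file is not truncated and that its primary header checksum still matches. The field offsets follow the LUKS2 on-disk format specification; the function names, the accepted algorithm list and the sample header are constructed for illustration.

```python
import hashlib
import struct

MAGIC_PRIMARY = b"LUKS\xba\xbe"
BIN_HDR_SIZE = 4096               # binary header; the JSON area follows it
CSUM_OFFSET, CSUM_LEN = 448, 64   # checksum field inside the binary header
HDR_FMT = ">6sHQQ48s32s"          # magic, version, hdr_size, seqid, label, checksum_alg
SUPPORTED_ALGS = ("sha256", "sha512")  # assumption: sha256 is the usual value

def check_luks2_header(blob: bytes) -> dict:
    """Validate the primary LUKS2 header at the start of a header backup."""
    if len(blob) < BIN_HDR_SIZE:
        raise ValueError("file too short to hold a LUKS2 binary header")
    magic, version, hdr_size, seqid, label, alg = struct.unpack_from(HDR_FMT, blob)
    if magic != MAGIC_PRIMARY or version != 2:
        raise ValueError("not a LUKS2 primary header")
    if hdr_size < BIN_HDR_SIZE or hdr_size > len(blob):
        raise ValueError("hdr_size does not fit the file (truncated backup?)")
    alg_name = alg.rstrip(b"\0").decode("ascii", "replace")
    if alg_name not in SUPPORTED_ALGS:
        raise ValueError(f"unexpected checksum algorithm: {alg_name!r}")
    # Checksum covers binary header + JSON area with the csum field zeroed.
    area = bytearray(blob[:hdr_size])
    stored = bytes(area[CSUM_OFFSET:CSUM_OFFSET + CSUM_LEN])
    area[CSUM_OFFSET:CSUM_OFFSET + CSUM_LEN] = bytes(CSUM_LEN)
    digest = hashlib.new(alg_name, area).digest()
    return {
        "seqid": seqid,
        "label": label.rstrip(b"\0").decode("utf-8", "replace"),
        "checksum_alg": alg_name,
        "checksum_ok": stored[:len(digest)] == digest,
    }

def make_sample_header(hdr_size: int = 16384) -> bytes:
    """Constructed sample with no key material, shaped like a LUKS2 header."""
    area = bytearray(hdr_size)
    struct.pack_into(HDR_FMT, area, 0, MAGIC_PRIMARY, 2, hdr_size, 7,
                     b"constructed-sample", b"sha256")
    json_area = b'{"keyslots":{},"tokens":{},"segments":{},"digests":{},"config":{}}'
    area[BIN_HDR_SIZE:BIN_HDR_SIZE + len(json_area)] = json_area
    area[CSUM_OFFSET:CSUM_OFFSET + 32] = hashlib.sha256(area).digest()
    return bytes(area)

if __name__ == "__main__":
    good = make_sample_header()
    print(check_luks2_header(good))
    damaged = bytearray(good)
    damaged[5000] ^= 0x01  # flip one bit inside the JSON area
    print(check_luks2_header(bytes(damaged))["checksum_ok"])
```

To check a real backup, pass the file's bytes to `check_luks2_header`; a passing checksum shows the header metadata is intact, not that the keyslot data after it is undamaged.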