R.I.S.K.S. - Relatively Insecure System for Keys and Secrets (for Qubes OS)


19hundreds

Jan 25, 2019, 8:43:19 AM
to Qubes ML

I just published R.I.S.K.S. (https://19hundreds.github.io/risks-workflow). The source repo is https://github.com/19hundreds/risks-workflow .

I've been searching for a viable system for managing my own secrets for a while and I'm still on it.

Inspired by Snowden's experience with journalists, projects like Enough (https://enough.community/) and determined to contribute the way I can against digital abuses (monitoring, tapping etc.) I decided to sum up what I know in a step-by-step guide providing a reasonable setup (hopefully) for defending user's secrets.

I don't know if many feel the need for such a guide but I crafted it in the hope to be helpful to the vast majority of the audience.

I'd greatly appreciate any feedback, comment, criticism and advice to improve R.I.S.K.S.

---
1900


awokd

Feb 2, 2019, 10:37:15 AM
to 19hundreds, Qubes ML
19hundreds wrote on 1/25/19 1:43 PM:
> I just published R.I.S.K.S. (https://19hundreds.github.io/risks-workflow). The source repo is https://github.com/19hundreds/risks-workflow .
>
> I've been searching for a viable system for managing my own secrets for a while and I'm still on it.
>
> Inspired by Snowden's experience with journalists, projects like Enough (https://enough.community/) and determined to contribute the way I can against digital abuses (monitoring, tapping etc.) I decided to sum up what I know in a step-by-step guide providing a reasonable setup (hopefully) for defending user's secrets.
>
> I don't know if many feel the need for such a guide but I crafted it in the hope to be helpful to the vast majority of the audience.
>
> I'd greatly appreciate any feedback, comment, criticism and advice to improve R.I.S.K.S.

Nice writeup!

qube...@tutanota.com

Feb 6, 2019, 5:45:50 AM
to 19hundreds, Qubes ML



Jan 25, 2019, 1:43 PM by 19hun...@tutanota.com:

> I just published R.I.S.K.S. (https://19hundreds.github.io/risks-workflow). The source repo is https://github.com/19hundreds/risks-workflow .
>
> I've been searching for a viable system for managing my own secrets for a while and I'm still on it.
>
> Inspired by Snowden's experience with journalists, projects like Enough (https://enough.community/) and determined to contribute the way I can against digital abuses (monitoring, tapping etc.) I decided to sum up what I know in a step-by-step guide providing a reasonable setup (hopefully) for defending user's secrets.
>
> I don't know if many feel the need for such a guide but I crafted it in the hope to be helpful to the vast majority of the audience.
>
> I'd greatly appreciate any feedback, comment, criticism and advice to improve R.I.S.K.S.
>
> ---
> 1900

It is a really interesting collection. Did you consider to:

- use the Hidden Volume function like provided in VeraCrypt? Today in the US and GB, and more, you can be forced to unlock any encrypted partition under the threat to be locked up indefinitely. Plausible deniability of Hidden Volumes can help here. These risks are today very real.
- use some secure USB key, like Nitrokey (I know, issue of trusting the vendor, but it is similar to an SD card trust). It decreases the need to remember more passphrases (all of it can theoretically sleep nicely on the secure USB). It can be used with Heads to provide an interesting protection against Evil Maid. It also decreases the behind shoulder watching of input of long-strong passwords in exposed areas. You just use few-char-pass to unlock the HD or log into the system and more.
- use even the Hidden operating system on the secure USB, like that of Nitrokey Storage.

Combining the above mentioned with your attitude, could be very interesting. You maybe considered what I mentioned and didn't opt for it for some reason. If so, why?

Nice work tbh, good luck!



kitchm via Forum

Feb 6, 2019, 11:14:53 AM
to qubes...@googlegroups.com
1900, thanks for the good research.

1900

Mar 9, 2019, 8:17:42 PM
to qubes...@googlegroups.com
[I hope this message won't get lost or misplaced. This is why I keep
a good part of the original message in my reply. I've recovered the
message from the Google archive and some headers have been changed for
sure, hopefully just the sender.]

qube...@tutanota.com:
> Jan 25, 2019, 1:43 PM by 19hun...@tutanota.com:
>
>> I just published R.I.S.K.S. (https://19hundreds.github.io/risks-workflow). The source repo is https://github.com/19hundreds/risks-workflow .
>>
>> I've been searching for a viable system for managing my own secrets for a while and I'm still on it.
>>
>> Inspired by Snowden's experience with journalists, projects like Enough (https://enough.community/) and determined to contribute the way I can against digital abuses (monitoring, tapping etc.) I decided to sum up what I know in a step-by-step guide providing a reasonable setup (hopefully) for defending user's secrets.
>>
>> I don't know if many feel the need for such a guide but I crafted it in the hope to be helpful to the vast majority of the audience.

I apologize for the delay.

> It is a really interesting collection.

thank you

> Did you consider to:
>
> - use the Hidden Volume function like provided in VeraCrypt? Today in the US and GB, and more, you can be forced to unlock any encrypted partition under the threat to be locked up indefinitely. Plausible deniability of Hidden Volumes can help here. These risks are today very real.

I did not consider VeraCrypt because I never used it. I wanted to
provide a solid guide so I mostly used software that I know quite well.

Plausible deniability is definitely important and RISKS does not do
enough yet about it imo.

I quickly looked up the VeraCrypt manual: as far as I can see, the hidden
partition can be spotted by any attacker rather easily. I didn't study
it enough to judge or discard it.

Lately I've been thinking of an alternative solution, tell me what you
think about this. LUKS keys are small enough to be broken in a few
fragments (2 to 5) and each of them could be hidden with
steganography in one picture (chosen by the user). The pictures could be
stored on any media on an unencrypted filesystem or even (partially or
entirely) in the cloud. A script could perform the retrieval and gluing
of the fragments.

In this scenario the smartcard is no longer a necessity.

There is still the problem of hiding the laptop and the fact that it's
running Qubes but, at least, the user can travel without an encrypted
smartcard.


> - use some secure USB key, like Nitrokey (I know, issue of trusting the vendor, but it is similar to an SD card trust). It decreases the need to remember more passphrases (all of it can theoretically sleep nicely on the secure USB).

(as a side note for those not knowing RISKS, it requires a very low
mnemonic effort)

> It can be used with Heads to provide an interesting protection against
> Evil Maid. It also decreases the behind shoulder watching of input of
> long-strong passwords in exposed areas. You just use few-char-pass to
> unlock the HD or log into the system and more.

Again, I'm ignorant about ad-hoc hardware and it's a choice motivated by
these reasons:

* dedicated hardware can be too expensive for some
* I have trust issues with hardware. Intel ME was the straw that broke
the camel's back. I prefer to use the stupidest piece of hardware available
* I'm also concerned with hardware reliability: what happens if the key
breaks and I'm in a situation/location where I can't quickly get a new
one? What if I don't have backups with me? Can backups be tested before
an accident happens?
* Last but not least, purchasing this kind of hardware usually
requires a credit card based purchase made over the internet. Little
anonymity. I don't even trust alternative channels different from the
producer's website: there are some reported cases of tampered hardware

I'd love to be proven wrong but, so far, I don't think it's a good solution.

> - use even the Hidden operating system on the secure USB, like that of Nitrokey Storage.
>

Again, I'm ignorant in this but this time not willingly. Thank you for
pointing it out, I'll give it a close look. I've been thinking for a
while about a good way of hiding the OS.

> Combining the above mentioned with your attitude, could be very interesting.
> You maybe considered what I mentioned and didn't opt for it for some
> reason. If so, why?
>
> Nice work tbh, good luck!

Thanks, you too!
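
The fragment-and-glue idea from the message above, sketched as an added example that is not part of the thread or of the R.I.S.K.S. project. The post names no steganography method, so least-significant-bit embedding, the index/length header and every function name here are assumptions; the "pictures" are constructed raw byte buffers standing in for decoded pixel data.

```python
import os

def split_key(key: bytes, n: int) -> list[bytes]:
    """Break the key into n contiguous fragments (the post suggests 2 to 5)."""
    if not 2 <= n <= 5 or len(key) < n:
        raise ValueError("need 2 to 5 fragments and at least one byte each")
    q, r = divmod(len(key), n)
    sizes = [q + (1 if i < r else 0) for i in range(n)]
    starts = [sum(sizes[:i]) for i in range(n)]
    return [key[s:s + size] for s, size in zip(starts, sizes)]

def embed(pixels: bytes, index: int, fragment: bytes) -> bytes:
    """Write [index, length, fragment] into the lowest bit of each pixel byte."""
    if len(fragment) > 255:
        raise ValueError("one-byte length header: fragment must be <= 255 bytes")
    payload = bytes([index, len(fragment)]) + fragment
    bits = [(b >> (7 - i)) & 1 for b in payload for i in range(8)]
    if len(bits) > len(pixels):
        raise ValueError("cover image too small for this fragment")
    out = bytearray(pixels)
    for pos, bit in enumerate(bits):
        out[pos] = (out[pos] & 0xFE) | bit
    return bytes(out)

def extract(pixels: bytes) -> tuple[int, bytes]:
    """Read (index, fragment) back out of the low bits."""
    def read(offset: int, count: int) -> bytes:
        data = bytearray()
        for k in range(offset, offset + count):
            byte = 0
            for bit in pixels[k * 8:k * 8 + 8]:
                byte = (byte << 1) | (bit & 1)
            data.append(byte)
        return bytes(data)
    index, length = read(0, 2)
    return index, read(2, length)

def recover_key(covers: list[bytes]) -> bytes:
    """Glue the fragments in index order, whatever order the pictures arrive in."""
    parts = dict(extract(c) for c in covers)
    if sorted(parts) != list(range(len(covers))):
        raise ValueError("missing or duplicate fragment")
    return b"".join(parts[i] for i in range(len(covers)))

def demo() -> tuple[bytes, bytes]:
    key = os.urandom(64)                           # constructed stand-in for a LUKS key
    covers = [os.urandom(1024) for _ in range(3)]  # constructed raw pixel buffers
    frags = split_key(key, 3)
    stego = [embed(c, i, f) for i, (c, f) in enumerate(zip(covers, frags))]
    return key, recover_key(stego[::-1])           # retrieved out of order
```

Contiguous fragments mean each picture on its own reveals its share of the key bytes, and low-bit payloads do not survive lossy re-encoding such as JPEG recompression, so the covers have to be stored and fetched byte-for-byte.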