I have a couple of questions, what do you consider picocrypt?
I use picocrypt primarily for individual files, zip files, or when sharing files with others, especially when I don’t want the file host to be able to read the file. However, it’s not something I would use instead of a container. I consider it more of an addition to the security tool belt.
Considering that I am also interested in taking a backup of my linux home folder and fedora configuration, would you consider something like BorgBase with its vorta integration (and if this is the case, would it be necessary to use a veracrypt container for it considering that borg also encrypts your backup) ?
I haven’t tried borg, so I can’t speak on it. I’m using a self-hosted version of Etesync for syncing and encryption with an offshore storage provider that accepts Monero to not link my identity to it.
For OnlyKey vs YubiKey see Jonah’s reply. Personally I prefer the OnlyKey due to the self-destruct option and the peace of mind I get from the pin security. I can wipe it quickly in an emergency or, if it falls into someone else’s hands, I know that it’s highly improbably for them to make use of it. It’s a final safeguard to protect my data.
Regarding the OnlyKey backup, I don’t mind the functionality of it. This is where Hidden Backups come in, so nobody on the outside would even know that the backups existed, which to me is an important part of my security setup
For security, the firmware on the YubiKey does not allow for secrets to be read from the device after they have been written to the device. Therefore you cannot duplicate or back up a YubiKey or Security Key.
The fact that backups aren’t possible defeats the purpose for me. Reasoning here is if a catastrophic event occurs and you lose access to all devices, or all hardware is confiscated, then I’m locked out of nearly everything.
Well you’re supposed to have 2+ Yubikeys and keep 1+ in a separate place where that won’t happen. If you’re not prepared to do that, you probably don’t need the security that hardware key provides either way?
mm I thought I was replying to the OP of this post, I didn’t see your other reply above.
There are some scenarios where the export functionality of the OnlyKey might make sense if you know what you’re doing. I just feel like lots of people will shoot themselves in the foot with that feature, which makes me hesitate to generally recommend it.
To me the use case is that it serves as a type of kill switch, which if destroyed gives me a guarantee that virtually none of my data can be access. I can maintain hidden backups for myself, so it’s unlikely if not outright impossible for someone to access it and associate it with me since they don’t even know it exists.
Key files are similar, but I still have to keep them stored locally and I would need to use something like usbkill (GitHub - hephaest0s/usbkill: « usbkill » is an anti-forensic kill-switch that waits for a change on your USB ports and then immediately shuts down your computer.), in order to execute a script to delete the keyfiles. I used it in the past and forgot sometimes that I was running it, which was kind of annoying. Useful in situations where you’re facing a very high and possibly imminent threat though. The OnlyKey is simply easier in this situation and I’m less likely to screw up. Also it adds an additional layer of protection in the event some of my containers, passwords, and keyfiles are compromised, however unlikely that may be.
I do agree that YubiKeys are probably easier for the majority, especially those who don’t have a higher level threat model. Personally I would be worried about where to keep the spare. I understand keeping it in a separate place and the same can apply to a backup of critical files on an SD card or other storage device, but finding that place is tough for me. It’s great if you have family and/or friends or if you have some secret place, like a cabin in the woods or underground bunker, or even bury it somewhere, but that’s not useful in my case and not worth the effort when I can just buy a different type of key.
Edit: Just saw your edits
There are some scenarios where the export functionality of the OnlyKey might make sense if you know what you’re doing. I just feel like lots of people will shoot themselves in the foot with that feature, which makes me hesitate to generally recommend it.
Being a crypto project is a plus, not a con. PG’s VPN recommendation even suggests the use of anonymous crypto as one of the privacy’s minimum to qualify criteria, right?
Both are different things. you are paying using crypto not using an apple based on crypto which as far as I can tell that’s what storj is? Also, PG recommends only Monero which is well known most private crypto coin.