[GTALUG] Dice Keys

[Christopher Browne]

Here's a cool thing I saw recently...

https://www.schneier.com/blog/archives/2020/08/dicekeys.html

The intention of this parallels the various Bitcoin "Solid Steel Passphrase
Wallet" items that were popular a year or so ago
(See https://www.toughgadget.com/bitcoin-crypto-metal-recovery-seed-wallets/,
https://www.buybitcoinworldwide.com/wallets/steel/ )

It's a case for a set of 25 dice that looks like a Boggle game set; it will
generate and "record" what ought to be a Sooper Seekrut key as would be
used for things like:
 - master key for password manager
 - U2F key for 2 Factor Authentication
 - Secret key for cryptocurrency wallet

By being a set of dice with a nice plastic box to hold them securely, this
is not vulnerable to various threats common to electronic devices:
 - EMP (for those highly worried about nuclear devices)
 - Water damage

Of course, if all your disk drives get toasted, there might not be any data
left to decrypt or systems to connect to.  And plastic will melt away or
burn when exposed to fire...

But it's pretty cool, I'm tempted to grab a set.

There's a web app: https://dicekeys.app/

It appears that this application, embedded in a single JavaScript file,
runs locally, inside your browser, so that usual criticisms about it being
a giant security vulnerability of sharing your key with their web site
seems like it mightn't apply.  How to confirm in an authoritative way that
nothing is *actually* shared seems like the fun security question.
-- 
When confronted by a difficult problem, solve it by reducing it to the
question, "How would the Lone Ranger handle this?"
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gtalug.org/pipermail/talk/attachments/20200828/c7c2f284/attachment.html>