
This is a collection of some of the things I've written about, recently. I am a perpetual tinker, and most of the things that I find the energy to write about are in that vein of things. This is Not a Writer's Log, but a Tinker's Notebook.


Be Kind To Your Future Self

Published on 12/03/2023, Edited on December 25, 2023

Everybody knows backups are important, but not everybody thinks to include relevant metadata in those backups. One particular instance where this stands out is in paper copies of sensitive information. A paranoid teenage computer enthusiast in 2013 might be tempted to, say, write down various bits of important information on a piece of paper, e.g. bitcoin wallet seeds, hand-rolled password manager master keys, revocation certificates, et cetera. (The important things!)

The point is, oftentimes, these bits of information may themselves be self-evident in some way. Bitcoin wallet seeds are generally conformant to BIP39, and are therefore somewhat recognizable. Messages signed or encrypted via gpg generally include headers and footers that make them recognizable, even if the actual contents are just an ASCII-armored random blob. These things are generally well documented, and recovering the important information is well understood. Stripping off metadata unnecessarily might cause your tools to stop working, or worse, leave you with no way to even know what you're working with in the event your memory fails you. 10 years is a long time. Do you think you can remember all the little details of whatever bizarre scheme you cooked up in the middle of the night to obfuscate what ought to be a simple plaintext note for yourself?
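To make the recognizability point concrete, here is an added example (not code from the original post) that guesses what a transcribed note contains from its framing alone. The function name `identify` and the sample inputs are assumptions made for illustration; the BIP39 check looks only at word count and word shape, not the wordlist or checksum.

```python
import re

# OpenPGP ASCII armor header/footer lines (RFC 4880, section 6.2).
ARMOR_BEGIN = re.compile(r"^-----BEGIN PGP ([A-Z0-9 ,/]+)-----$", re.M)
ARMOR_END = re.compile(r"^-----END PGP ([A-Z0-9 ,/]+)-----$", re.M)
# BIP39 mnemonics have 12, 15, 18, 21 or 24 words; English wordlist
# entries are 3 to 8 lowercase letters. This checks shape only, not
# wordlist membership or the checksum.
BIP39_LENGTHS = {12, 15, 18, 21, 24}
BIP39_WORD = re.compile(r"[a-z]{3,8}")


def identify(note: str) -> str:
    """Best-effort guess at what a transcribed paper note contains."""
    text = note.strip()
    begin = ARMOR_BEGIN.search(text)
    if begin:
        label = begin.group(1).lower()
        end = ARMOR_END.search(text, begin.end())
        if end and end.group(1) == begin.group(1):
            return f"OpenPGP armored {label}"
        return f"OpenPGP armored {label} (footer missing)"
    words = text.split()
    if len(words) in BIP39_LENGTHS and all(BIP39_WORD.fullmatch(w) for w in words):
        return f"possible BIP39 mnemonic ({len(words)} words)"
    return "unknown"


# Constructed samples: the armor body is filler, not a real message.
ARMORED = """-----BEGIN PGP MESSAGE-----

Q09OU1RSVUNURUQgU0FNUExFIEJPRFkgTk9UIFJFQUw
-----END PGP MESSAGE-----"""
STRIPPED = ARMORED.splitlines()[2]  # same blob with the framing removed
MNEMONIC = " ".join(["abandon"] * 11 + ["about"])

if __name__ == "__main__":
    for name, note in [("armored", ARMORED), ("stripped", STRIPPED), ("mnemonic", MNEMONIC)]:
        print(f"{name:9} -> {identify(note)}")
```

The same blob that is identified with its header and footer intact comes back as "unknown" once the framing is stripped, which is the situation a bare string on a piece of paper leaves you in.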

The point is, obfuscation isn't strictly necessary in the presence of strong crypto, under most circumstances. Obfuscation is likely to leave you scratching your head and wondering if the piece of paper you're staring at is the seed phrase for a fat bitcoin wallet or just some random nonsense you dreamed up in a fit of paranoia. And, since modern cryptography is quite good, you'll almost certainly never know. If you find yourself making hard copies of important information, you should include information about what that information is, and how to use it.

Maybe you'll get married and find yourself wondering whether your spouse is going to be able to get into your utility accounts in the untimely event of your death. For now, this is often resolvable with a copy of a death certificate, but under an uncertain future where people are increasingly beholden to automated systems, you (or your hypothetical widow) might need access to secrets that (if poorly stored) are entirely unrecoverable. Consider backing up your password manager db / secrets-share / whatever, and leaving detailed notes about how to use it.

Really, this boils down to a bigger-picture issue of ignoring the entire life-cycle of important information. When you start storing secrets, you need to consider more than just the initial requirements (password criteria, key length, etc). You need to consider how you plan to use that secret, how you might need to alter it, how you might need to share it with someone, even how you or a hypothetical second actor might need to recover that secret (if you lose your memory, or your life).
