diff --git a/opsec/moneroinheritance/Key_ready.png b/opsec/moneroinheritance/Key_ready.png new file mode 100644 index 0000000..883cb3d Binary files /dev/null and b/opsec/moneroinheritance/Key_ready.png differ diff --git a/opsec/moneroinheritance/Recovery.png b/opsec/moneroinheritance/Recovery.png new file mode 100644 index 0000000..b97a93e Binary files /dev/null and b/opsec/moneroinheritance/Recovery.png differ diff --git a/opsec/moneroinheritance/containers.png b/opsec/moneroinheritance/containers.png index 29c80d3..8a04da9 100644 Binary files a/opsec/moneroinheritance/containers.png and b/opsec/moneroinheritance/containers.png differ diff --git a/opsec/moneroinheritance/index.html b/opsec/moneroinheritance/index.html index 027ba8c..3967448 100644 --- a/opsec/moneroinheritance/index.html +++ b/opsec/moneroinheritance/index.html @@ -80,8 +80,8 @@

Theory and setup

The plan is to setup a plan when your family find out you died, they can recover your crypto. You will need 2 lawyers to setup this plan. But our plan will utilize some cryptography tools so neither your lawyer or your family members can access your crypto not as you intended.

- -

We will use a cryptography tool called veracrypt, if you have never heard of this tool, familiarize it with the official document veracrypt document. Learn how this tool works and how to play with it.

+

+

To achieve what we want, we need threshold encryption, where we need to encrypt containers and make sure that we need at least 2 out of the 3 existing keys to open them, we can use veracrypt https://blog.nowhere.moe/opsec/veracrypt/index.html, but instead of only using passwords, we'll use keyfiles

We will setup a container with password and keyfile, for these kind of container you will need both password and keyfile to open, if one of them is lost, it is impossible to decrypt
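
Review bot: The added paragraph starting "To achieve what we want, we need threshold encryption" promises a 2-of-3 property but does not say how it is obtained, and the next sentence describes a single container that needs "both password and keyfile". A reader could conclude that one container gives the threshold. Suggest stating here that the 2-of-3 behaviour comes from three separate containers, each locked with a different pair of keyfiles, which the page only explains in the following section. The raw URL pasted mid-sentence after "we can use veracrypt" should become a proper link, and the sentence is missing its closing period.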

@@ -105,21 +105,27 @@

Move your mouse to collect enough entropy, this is very important! The protection from cryptography will be significantly weakened if there is not enough randomness. Then set the key file size to maximum which is 1048576. This is the maximum size utilized by veracrypt and we should use that.

-

Name your keyfile as key 1 and save it. And repeat this step to produce key 2 and key 3, we will use them later

- -

Like previously stated, you will create containers with the same password, but use a different combination of 2 keyfiles for each container

+

+

Name your keyfile as key 1 and save it. And repeat this step to produce key 2 and key 3. You shoud have 3 keyfiles now ready for being used to encrypt your containers.

+ +

+ +

We will then continue to create 3 containers, you will create containers with the same password, but use a different combination of 2 keyfiles for each container as planned

+

As a remaider, 3 containers will have a encryption setup like this

Volume 1 : password + key file 1 + key file 2

Volume 2 : password + key file 2 + key file 3

Volume 3 : password + key file 1 + key file 3

+

Add the keyfiles in keyfile option when creating a new volume

+

You will always save three containers together, this means your family member can unlock 1 of the 3 container even one keyfile is lost.

Then you need to try to unlock and copy the seed file to each of the container

-

Then you need to properly distribute the keys

+

Then you need to properly distribute the keys as follows:

1.You will keep key file 1, and the local copies of containers at home

-

2.Tell your family members about the plan, and most importantly the password

-

3.Upload the containers to a cloud storage which is controlled by your family members as a backup

+

2.Tell your family members about the plan, and most importantly the password they need to know because they still need that for container decryption.

+

3.Upload the containers to a cloud storage which is controlled by your family members as a backup. You better ask them which cloud service they use, like icloud or gdrive, and copy the containers to their devices and upload to the cloud, so they can easily find the containers through their most familiar method

4.Handle a physical copy of keyfile 2 and keyfile 3 to two different lawyers in different countries, and ask them to send it to your family members when you die officially.

In short there are 6 factors that determine the sucess of inheritance, only the keyfiles allow 1 fault to happen, so you should be really careful and make sure every part work as expected
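
Review bot: The step "Then you need to try to unlock and copy the seed file to each of the container" does not tell the reader to confirm that each volume opens with exactly its own pair of keyfiles (1+2, 2+3, 1+3) and that the seed is readable before keyfile 2 and keyfile 3 are handed to the lawyers. Without that check, a mistake made when creating a volume is only discovered at recovery time. The closing line says "only the keyfiles allow 1 fault to happen", yet the reworded step 2 still only tells the family the password verbally. Since all three volumes share that password, the text should say how it is recorded so that forgetting it does not defeat the whole scheme. Minor: "shoud", "remaider", "a encryption setup", "Handle a physical copy" (should be "Hand") and "sucess" need fixing, and "1048576" should carry its unit.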

@@ -129,7 +135,9 @@

1.The best case is you died, your family member grab your local copy of containers and keyfile1, and receive keyfile 2 from one lawyer. Then sucessfully decrypt to get the seed, and recovered your monero

2.Your home is destroyed in a disaster, but your family members and download the containers from the cloud. They wait until both lawyers deliver keyfile 2 and keyfile 3 to them. Then unlocked to recover your monero.

3.One of the lawyer died in earthquake, plus his office also destroyed. Your family member still have your local copy of containers and keyfile 1, and receive another keyfile from the survived lawyer. They unlocked and recovered your monero.

-

You should find lawyers in different cities to reduce the risk.

+

You should find lawyers in different cities to reduce the risk.

+

You can also print this down as a reference for your family

+

This plan prevents your lawyers to steal crypto, because they do not have the containers plus the password. Your family members also cannot access your crypto, because they only have one key.
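
Review bot: The new closing paragraph states "Your family members also cannot access your crypto, because they only have one key", but scenario 1 above shows that the family's local containers, the password and keyfile 1, plus a keyfile from a single lawyer, are enough to decrypt. The guarantee therefore depends on neither lawyer releasing a keyfile early, and the paragraph should say so rather than imply the family is locked out unconditionally. For "You can also print this down as a reference for your family", clarify what "this" covers; if the printout includes the password, the text should say where it may be kept. Minor: "prevents your lawyers to steal" should read "prevents your lawyers from stealing", and scenario 2 has "family members and download" where "can download" is meant.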