mirror of
http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions.git
synced 2025-07-02 06:46:42 +00:00
Make this more concise and abstract
parent 2852997276
commit d61d174c96
1 changed files with 39 additions and 143 deletions
|
@ -76,155 +76,51 @@
|
|||
<div class="container">
|
||||
<div class="row">
|
||||
<div class="col-lg-8 col-lg-offset-2">
|
||||
<h2><b>Theory</b></h2>
|
||||
<p>Next we will create 3 containers with key files to store our seed. Key file is a veracrypt feature, which will be used to encrypt your container. For a veracrypt randomly generated keyfile it has extremely strong randomness, and makes brute force impossible. It is impossible to unlock the container without the keyfile.</p>
|
||||
|
||||
<h2><b>Theory and setup</b></h2>
|
||||
<p>The plan is to setup a plan when your family find out you died, <b>they can recover your crypto</b>. You will need <b>2 lawyers</b> to setup this plan. But our plan will utilize some cryptography tools so <b>neither your lawyer or your family members</b> can access your crypto not as you intended.</p>
|
||||
<p>We will use a cryptography tool called <b>veracrypt</b>, if you have never heard of this tool, familiarize it with this tutorial <a href="../veracrypt/index.html">veracrypt tutorial</a>. Familiarize with how this tool works and how to play with it.</p>
|
||||
<p>We will assume you already know to create veracrypt containers and how to mount them</p>
|
||||
|
||||
<p>The plan is to achieve a <b>2/3</b> multisig scheme. Which means we will have <b>3 keys</b>, and we should be able to access our wallet with <b>any 2 key</b>. </p>
|
||||
<img src="Encryption.jpg" class="imgRz" style="width: 500px">
|
||||
<p>First you will need to think about a password, then we will use veracrypt to create 3 key files. Each container will be encrypted using combination of different key files and the same password.</p>
|
||||
<p>Volume 1 : password + key file 1 + key file 2</p>
|
||||
<p>Volume 2 : password + key file 2 + key file 3</p>
|
||||
<p>Volume 3 : password + key file 1 + key file 3</p>
|
||||
<p>Then you copy the seed file to each of the container</p>
|
||||
<p>You will keep key file 1, and the containers at home, or at any place that is discoverable by your family members. You need to tell your family members about the encryption password. You can also upload these containers to the cloud, since you can be confident about the encryption, because they will very likely survive the post quantum era. A cloud backup on your icloud or family member's web drive makes it possible to recover your assets when your home get destroyed in a disaster.</p>
|
||||
<p>You will handle key 2 and key 3 to two different lawyers in different countries, and ask them to send it to your family members when you die officially.</p>
|
||||
<p></p>
|
||||
<p>First you need to thing about a <b>password</b>, and you need to <b>remember</b> this, and you should notify your family members about this and make sure they also remember it.</p>
|
||||
<p>Then use veracrypt to generate <b>3 keyfiles</b>, keyfiles will be random files generated by veracrypt. They have size of 1024kb and is highly random, so your container is <b>impossible to open</b> without them. </p>
|
||||
<p>We will use different <b>combination of keyfiles and the password</b> to encrypt the containers</p>
|
||||
<p>Choose to create a new volume, click next until you see the keyfiles option</p>
|
||||
<img src="10.png" class="imgRz" style="width: 600px">
|
||||
<p>We will try to generate 3 random keyfiles</p>
|
||||
<img src="11.png" class="imgRz" style="width: 600px">
|
||||
<p>Move your mouse to collect enough entropy, this is very important! The protection from cryptography will be significantly weakened if there is not enough randomness. Then set the key file size to maximum which is <b>1048576</b>. This is the maximum size utilized by veracrypt and we should use that.</p>
|
||||
<img src="12.png" class="imgRz" style="width: 600px">
|
||||
<p>Name your keyfile as <b>key 1</b> and save it. And repeat this step to produce <b>key 2 and key 3</b>, we will use them later</p>
|
||||
|
||||
<p>Like the above image, you will create containers with the same password, but use a different combination of <b>2 keyfiles</b> for each container</p>
|
||||
<p style="color: red;">Volume 1 : password + key file 1 + key file 2</p>
|
||||
<p style="color: red;">Volume 2 : password + key file 2 + key file 3</p>
|
||||
<p style="color: red;">Volume 3 : password + key file 1 + key file 3</p>
|
||||
<img src="16.png" class="imgRz" style="width: 600px">
|
||||
<p><b>You will always save three containers together, this means your family member can unlock 1 of the 3 container even one keyfile is lost.</b></p>
|
||||
<p>Then you need to try to unlock and copy the seed file to each of the container</p>
|
||||
|
||||
<p>Then you need to properly <b>distribute the keys</b></p>
|
||||
<p>1.You will keep key file 1, and the local copies of containers <b>at home</b></p>
|
||||
<p>2.Tell your family members about the plan, and most importantly <b>the password</b></p>
|
||||
<p>3.Handle a physical copy of keyfile 2 and keyfile 3 to two different lawyers in different countries, and ask them to send it to your family members when you die officially.</p>
|
||||
<p>4.Upload the containers to a <b>cloud storage</b> which is controlled by your family members as a backup</p>
|
||||
<img src="KeyfileDistribution.jpg" class="imgRz" style="width: 600px">
|
||||
|
||||
<p>In this setup your monero can be safely inherited, and it is resistant against accidents. If one of the key file get lost, like your home or your lawyer's office get a nuclear strike or earthquake, your family members can still manage to get two key file, and can decrypt one of three containers that contains the seed.</p>
|
||||
<p>In the worst case it is also impossible for lawyers to somehow collude to steal your coins because they do not have the containers and password. It is also very hard for your naughty wife/children to steal your coins, since they need to find the lawyer and get another key which will be hard if you find a trustworthy lawyer.</p>
|
||||
<p>One thing you need to be careful is you have to store the containers and keyfiles on a hdd or cd/dvd, do not store it on a flash drive or ssd. ssd will lose the data if not powered for a really long time. You do not want this to happen!!!</p>
|
||||
</div>
|
||||
<p></p>
|
||||
<p>In this setup your monero can be safely inherited, and it is resistant against accidents. Different things can happen:</p>
|
||||
<p>1.The best case is you died, your family member grab your <b>local copy</b> of containers and keyfile1, and receive keyfile 2 from one lawyer. Then sucessfully decrypt to get the seed, and recovered your monero</p>
|
||||
<p>2.<b>Your home is destroyed</b> in a disaster, but your family members and download the containers from the cloud. They wait until both lawyers deliver keyfile 2 and keyfile 3 to them. Then unlocked to recover your monero.</p>
|
||||
<p>3.<b>One of the lawyer</b> died in earthquake, plus his office also destroyed. Your family member still have your local copy of containers and keyfile 1, and receive another keyfile from the survived lawyer. They unlocked and recovered your monero.</p>
|
||||
<p>You should find lawyers in <b>different cities</b> to reduce the risk.</p>
|
||||
<p>This plan prevents your lawyers to steal crypto, because they do not have the containers plus the password. Your family members also cannot access your crypto, because they only have one key.</p>
|
||||
</div>
|
||||
</div><!-- /row -->
|
||||
</div> <!-- /container -->
|
||||
</div><!-- /white -->
|
||||
|
||||
<div id="anon2">
|
||||
<div class="container">
|
||||
<div class="row">
|
||||
<div class="col-lg-8 col-lg-offset-2">
|
||||
<h2><b>Initial setup</b></h2> </br> </br>
|
||||
<p>First you need monero(ofcourse!), and then export your seed. We will setup a plan that people can reliably retrieve your seed when you die. In this example I will just use the monero official gui wallet</p>
|
||||
<p>In this example we create a new wallet for this</p>
|
||||
<img src="1.png" class="imgRz">
|
||||
<p>Next take a note of the seeds, as them are the crucial for people to recover your monero</p>
|
||||
<img src="2.png" class="imgRz">
|
||||
<p>Then put the seeds in a text file by using the editor you like</p>
|
||||
<img src="3.png" class="imgRz">
|
||||
<p>Save that file and we will use that later, and remember to do this in a trusted environment and delete that later!</p>
|
||||
<p>Next is to setup veracrypt, we will use this software for encrypting your seed, veracrypt is a highly battle tested software with many features. In this setup we will use its keyfile feature mostly for achieving a multi-sig effect.</p>
|
||||
<p>Down the veracrypt install pack that suits your OS, in my setup is deb. Their official site is <a href="https://www.veracrypt.fr/en/Downloads.html">https://www.veracrypt.fr/en/Downloads.html</a></p>
|
||||
<p>Next do the verification, you should download the signature and import the public key. Your pubic key should have the signature of 5069 A233 D55A 0EEB 174A 5FC3 821A CD02 680D 16DE</p>
|
||||
<p>First download the public key</p>
|
||||
<pre><code class="nim">
|
||||
$ wget https://www.idrix.fr/VeraCrypt/VeraCrypt_PGP_public_key.asc
|
||||
--2024-11-24 10:35:28-- https://www.idrix.fr/VeraCrypt/VeraCrypt_PGP_public_key.asc
|
||||
Resolving www.idrix.fr (www.idrix.fr)... 51.210.181.103
|
||||
Connecting to www.idrix.fr (www.idrix.fr)|51.210.181.103|:443... connected.
|
||||
HTTP request sent, awaiting response... 200 OK
|
||||
Length: 5434 (5.3K) [text/plain]
|
||||
Saving to: ‘VeraCrypt_PGP_public_key.asc.1’
|
||||
|
||||
VeraCrypt_PGP_publi 100%[===================>] 5.31K 23.4KB/s in 0.2s
|
||||
|
||||
2024-11-24 10:35:31 (23.4 KB/s) - ‘VeraCrypt_PGP_public_key.asc.1’ saved [5434/5434]
|
||||
</code></pre>
|
||||
<p>Then import and verify its fingerprint</p>
|
||||
|
||||
<pre><code class="nim">
|
||||
$ gpg --import VeraCrypt_PGP_public_key.asc
|
||||
gpg: keybox '/home/user/.gnupg/pubring.kbx' created
|
||||
gpg: key 0x821ACD02680D16DE: 1 signature not checked due to a missing key
|
||||
gpg: /home/user/.gnupg/trustdb.gpg: trustdb created
|
||||
gpg: key 0x821ACD02680D16DE: public key "VeraCrypt Team (2018 - Supersedes Key ID=0x54DDD393) <veracrypt@idrix.fr>" imported
|
||||
gpg: Total number processed: 1
|
||||
gpg: imported: 1
|
||||
gpg: no ultimately trusted keys found
|
||||
|
||||
$ gpg --fingerprint
|
||||
/home/user/.gnupg/pubring.kbx
|
||||
-----------------------------
|
||||
pub rsa4096/0x821ACD02680D16DE 2018-09-11 [SC]
|
||||
Key fingerprint = 5069 A233 D55A 0EEB 174A 5FC3 821A CD02 680D 16DE
|
||||
uid [ unknown] VeraCrypt Team (2018 - Supersedes Key ID=0x54DDD393) <veracrypt@idrix.fr>
|
||||
sub rsa4096/0x200B5A9D26878A32 2018-09-11 [E]
|
||||
sub rsa4096/0x0F5AACD65483D029 2018-09-11 [A]
|
||||
</code></pre>
|
||||
|
||||
<p>Finally verify the package to make sure it is authentic, and install it. You need to see the "Good signature from "VeraCrypt Team...", otherwise do not proceed</p>
|
||||
<pre><code class="nim">
|
||||
$ gpg --verify veracrypt-1.26.14-Debian-12-amd64.deb.sig veracrypt-1.26.14-Debian-12-amd64.deb
|
||||
gpg: Signature made Mon 26 Aug 2024 09:40:36 PM UTC
|
||||
gpg: using RSA key 5069A233D55A0EEB174A5FC3821ACD02680D16DE
|
||||
gpg: Good signature from "VeraCrypt Team (2018 - Supersedes Key ID=0x54DDD393) <veracrypt@idrix.fr>" [unknown]
|
||||
gpg: WARNING: This key is not certified with a trusted signature!
|
||||
gpg: There is no indication that the signature belongs to the owner.
|
||||
Primary key fingerprint: 5069 A233 D55A 0EEB 174A 5FC3 821A CD02 680D 16DE
|
||||
</code></pre>
|
||||
<pre><code class="nim">
|
||||
sudo apt install ./veracrypt-1.26.14-Debian-12-amd64.deb
|
||||
</code></pre>
|
||||
|
||||
</div>
|
||||
</div><!-- /row -->
|
||||
</div> <!-- /container -->
|
||||
</div><!-- /white -->
|
||||
|
||||
|
||||
<!-- +++++ Second Post +++++ -->
|
||||
<div id="anon1">
|
||||
<div class="container">
|
||||
<div class="row">
|
||||
<div class="col-lg-8 col-lg-offset-2">
|
||||
<h2><b>Encrypted container setup</b></h2> </br> </br>
|
||||
<p>Next choose volume option in menu, and create a encrypted file container.</p>
|
||||
<img src="4.png" class="imgRz" style="width: 600px">
|
||||
<p>We will choose to create a standard volume here, since this is only for inheritance nor for fighting CIA.</p>
|
||||
<img src="5.png" class="imgRz" style="width: 600px">
|
||||
<p>Choose a location to save your container and then continue</p>
|
||||
<p>For the encryption algorithm I strongly recommend to choose multiple encryption layers, since this prevents an algorithm is backdoored or broken in the future.</p>
|
||||
<img src="7.png" class="imgRz" style="width: 600px">
|
||||
<p>For the volume size just choose 10MB since this is only for saving a piece of text</p>
|
||||
<img src="8.png" class="imgRz" style="width: 600px">
|
||||
<p>Then create a strong and easy to remember password at this step</p>
|
||||
<img src="9.png" class="imgRz" style="width: 600px">
|
||||
<p>Next choose the key file option</p>
|
||||
<img src="10.png" class="imgRz" style="width: 600px">
|
||||
<p>We will try to generate 3 random keyfiles</p>
|
||||
<img src="11.png" class="imgRz" style="width: 600px">
|
||||
<p>Move your mouse to collect enough entropy, this is very important! The protection from cryptography will be significantly weakened if there is not enough randomness. Then set the key file size to maximum which is 1048576. This is the maximum size utilized by veracrypt and we should use that.</p>
|
||||
<img src="12.png" class="imgRz" style="width: 600px">
|
||||
<p>Name your keyfile as key 1 and save it. And repeat this step to produce key 2 and key 3, we will use them later</p>
|
||||
<p>If you have done this correctly, you should have 3 key files like this</p>
|
||||
<img src="13.png" class="imgRz" style="width: 600px">
|
||||
<p>Then come back to the creation of container 1, choose the use keyfiles option</p>
|
||||
<img src="14.png" class="imgRz" style="width: 600px">
|
||||
<p>Select keyfile 1 and keyfile 2 as planned in the theory part</p>
|
||||
<img src="15.png" class="imgRz" style="width: 600px">
|
||||
<p></p>
|
||||
<img src="16.png" class="imgRz" style="width: 600px">
|
||||
<p>At the format stage move your mouse like what you have done for keyfile, and then format the volume.</p>
|
||||
<img src="18.png" class="imgRz" style="width: 600px">
|
||||
<p>Now you have completed the setup of container 1, just repeat the above steps, using the same password but with different combination of keyfiles as stated in the theory part. You should get container 2 and container 3 after this.</p>
|
||||
|
||||
|
||||
<h2><b>Inheritance</b></h2> </br> </br>
|
||||
<p>After all the hard work, now we will store the seed.</p>
|
||||
<p>You should try to decrypt your containers to make sure they really work!</p>
|
||||
<img src="20.png" class="imgRz" style="width: 600px">
|
||||
<p>Select container 1 in the menu, select a slot and click mount</p>
|
||||
<img src="21.png" class="imgRz" style="width: 600px">
|
||||
<p>Then enter the password, and insert the keyfiles</p>
|
||||
<img src="22.png" class="imgRz" style="width: 600px">
|
||||
<p></p>
|
||||
<img src="23.png" class="imgRz" style="width: 600px">
|
||||
<p>Click ok and if nothing goes wrong your container should be decrypted and visible in the file explorer.</p>
|
||||
<p>Now copy your seed into the container and unmount it. You should repeat those above steps, test container 2 and container 3, and copy the seed into them.</p>
|
||||
<p>All the work is done now, you should pack up all the containers, put them in a hdd or burn them on a cd, and do a cloud backup of containers(do not upload your keyfile!). Store the keyfile 1 with your local copy of containers, and write done the password and notify your family members. If your family members are not familiar with crypto or programming, you should also write down a detailed note how to decrypt the container plus how to restore monero with seeds, and possibly how to dump them on kraken to convert back to fiat :-(</p>
|
||||
<p>Final step is to contact two independent lawyers in different countries, and send them a physical copy of your keyfile. Now you can comfortably sleep, because you know your crypto will still be used by someone when God judges your life in heaven.</p>
|
||||
</div>
|
||||
</div><!-- /row -->
|
||||
</div> <!-- /container -->
|
||||
</div><!-- /white -->
|
||||
|
||||
</div>
|
||||
</div><!-- /row -->
|
||||
</div> <!-- /container -->
|
||||
|
|
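Review bot: The recovery scenarios in the "Theory and setup" section (cases 1 to 3, plus the closing claim "Your family members also cannot access your crypto, because they only have one key") only consider a lost keyfile, but every volume is defined as "password + key file X + key file Y" with the same password, so the password sits outside the 2-of-3 redundancy: if the family forgets it, no combination of keyfiles opens any container. The text only says "you need to remember this" and "Tell your family members about the plan, and most importantly the password"; I would add a step that says how the password is recorded so that it survives as long as the containers do, and a fourth scenario covering a forgotten password. Two smaller points in the same section: "2/3 multisig scheme" describes a 2-of-3 keyfile threshold on three copies of one seed, not Monero multisig, so whoever opens any single container holds the whole seed, and the wording should say that; and there are typos to fix before merge ("thing about a password", "sucessfully", "your family members and download", "Handle a physical copy").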