Calculator Manipulator

  • 1 Post
  • 224 Comments
Joined 6 years ago
Cake day: April 16th, 2019


  • Yes, failing to safeguard keys is fatal, but that applies to everything. But if the fs you’re storing keys on is behind LUKS and they’re readable by root only - you’re safe enough. There’re also LSMs like SELinux that can increase the complexity of attack.

    I don’t know about Nitrokey specifically, but TPM is an option (not good enough, imo) and so is a simple LUKS-encrypted USB. You could get some convenience by storing the key to unlock it somewhere on the encrypted root.

    In general - you cannot stop a targeted attack no matter what, but staying safe from all the automated ones is doable.


  • in case you want to tell me what I have is fine and I don’t need an upgrade

    What you have is fine and you don’t need an upgrade 😁

    But we’re not looking for fine, are we? :)

    I would keep the gpu and get as many cpu cores and ram as my budget allows. Once you cross into “stupid amount of RAM” territory you can start utilising tmpfs for transient things such as jellyfin transcode directory to:

    • preserve those precious ssd writes (not really relevant anymore)
    • make it more efficient (feels-good kind of relevant)
    • running a filesystem in ram is really cool (most relevant, naturally :D)