
Ask HN: Sharing passwords and SSH Keys securely - brianjking
Suggestions?
======
Nadya
Context? Limitations? Number of secret holders? Are both parties verifiable
(i.e., can you exchange some information beforehand to verify identity?) Is data
retention a concern?

Email signed by PGP or a one-time pad. Can the person be trusted with a thumb
drive (and to not lose it or have it stolen)?

There are a number of ways with various security levels and I'd say most are
"secure enough". For example, I'd trust my friend with a thumb drive that had
an encrypted archive on it with a shared passphrase if the archive contained
semi-sensitive information. Why? I doubt anyone who finds the lost thumb drive
would have the technical knowledge to break into an encrypted archive and a
lengthy passphrase would make brute-force attacks take years on the off-chance
they know how and would even try.

------
ColinWright
A few questions:

* What are your threat models?

* * Against whom are you defending?

* * Does it matter if it's cracked a year from now?

* * What resources do your attackers have access to?

* What facilities do you have?

* How technically competent are the participants?

Really, what are you asking for?

And why?

