I know your being somewhat sarcastic.

My money is on the entire FAANG etc having their Thales based root CA keys compromised . I’ve been less than impressed with security measures taken around key material and/or network security in general.

Once you start really understanding the full capabilities and vulnerabilities of these commercial CA appliances , you realize how massive the attack surface is.

My current stack is Nitro key HSM with XCA on an air gapped laptop. Keep it all in a decent safe with cameras and alarm system.

I’m guessing most folks record it somewhere on their hard drive ?

For example , the post the other day with a GPG encrypted copy of the pass phrase. They entered the alphanumeric password at some point and had the pass phrase (seed phrase I guess ?) in a plain text file.

What are the best practices these days ? Anyone to follow / read for good security guides (for crypto specifically ).

Mostly this is an academic thought exercise , a “curated gentle troll” meant to get the community thinking and ideating.

As someone who’s taken many security precautions (including an air gapped offline root CA and GPG primary private key , using multiple yubikeys (one for daily use , one for more sensitive things , one for airgap ) , I take security quite seriously.

I’m always interested to discover new resources