Protecting private key on USB flash drive: how to? // secret-sharing
Roscoe
eocsor at gmail.com
Tue May 13 08:24:40 CEST 2008
I would have thought the 'secret' in shamirs secret sharing scheme
could be an arbitrary piece of data?
On Mon, May 12, 2008 at 1:28 PM, <vedaal at hush.com> wrote:
> Roscoe eocsor at gmail.com
> wrote Mon May 12 09:02:32 CEST 2008 :
>
> >> For my curiosity, has anyone used threshold (split-key)
> >> crypto for key protection?
>
> > http://point-at-infinity.org/ssss/ works good for passwords to
> keys :)
>
> no,
> the Shamir split-key/secret sharing,
> works for shares of 'keys',
> not for passwords
>
> here is a quote from the site:
>
> =====[begin quote]=====
> Note that Shamir's scheme is provable secure, that means: in a
> (t,n) scheme one can prove that it makes no difference whether an
> attacker has t-1 valid shares at his disposal or none at all; as
> long as he has less than t shares, there is no better option than
> guessing to find out the secret.
> =====[end quote]=====
>
> key structures are much more complex than passphrases
>
> example:
> assume a passphrase of 16 characters that is shared among two people
> each having 8 characters protected by Shamir's secret sharing
>
> even though each person cannot 'decrypt' the other person's 'share',
> (that part is true),
> each one can start from scratch and do a brute force attack on the
> other 8 characters when combined with the 8 characters already
> known, and recover the passphrase
>
> when Shamir uses the technique to share 'Keys'
> the 'key', which is far more complex than a simple password string,
> cannot be reconstructed from a brute force attack, even when t-1
> shares are known
>
> 'split-keys' have been used by pgp since 6.x,
> (usually for 'corporate signing'
> when a certain majority t/n is needed for approval of a measure,
> although it could work as well for decrypting too)
>
>
> vedaal
>
> any ads or links below this message are added by hushmail without
> my endorsement or awareness of the nature of the link
>
> --
> Need cash? Apply now for a credit loan with fast approval.
> http://tagline.hushmail.com/fc/Ioyw6h4d9GyhnVARCGdPmzeVF7VYG3XQdmdONDdZwRPnO8sWSVh0pp/
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
More information about the Gnupg-users
mailing list