Secret Sharing

Simon Josefsson simon at josefsson.org
Thu Mar 20 11:30:26 CET 2008


Phil Sutter <sutter at informatik.hs-furtwangen.de> writes:

> Hi!
>
> With beginning of this month I've started writing my diploma thesis
> about implementing Secret Sharing in GnuPG.

Cool!  Good luck.

> What is your current attitude towards an implementation?

One thing that would concern me is that this may modify code which is quite
security critical.  Having your patches make only the minimal necessary
changes in the code path is likely to make your patches more acceptable.
Make the behaviour optional, and if the user hasn't enabled the
feature, the code one would have to audit to be convinced your patch doesn't
introduce any problem should be small.

There are some aspects of secret sharing that aren't clear to me.  For
instance, would your implementation require that all the shared pieces
be available locally in a file?  One could invent ideas which involved
network access instead of local access, but I'd be quite concerned with
security and authentication in that case.

If you post a short write-up with more details about how you intend to
implement this, I think you will get feedback that will help you to
avoid spending time implementing sub-optimal ideas.

/Simon



More information about the Gnupg-devel mailing list