Secret Sharing

Phil Sutter sutter at
Thu Mar 20 20:04:38 CET 2008


On Thu, Mar 20, 2008 at 11:30:26AM +0100, Simon Josefsson wrote:
> Cool!  Good luck.


> One thing that would concern me that this may modify code which is quite
> security critical.  Having your patches make only the minimal necessary
> changes in the code path is likely to make your patches more acceptable.
> Make the behaviour optional, and if the user haven't enabled the
> feature, the code one would have to audit to convince your patch doesn't
> introduce any problem should be small.

Yes, of course. I don't even want to think about me compromising the
GnuPG security. Also it's surely unnecessary to bloat up the code with a
feature only relatively few people will be using. So having everything
on a modular base should be the way to go.

> There are some aspects of secret sharing that aren't clear to me.  For
> instance, would your implementation require that all the shared pieces
> be available locally in a file?  One could invent ideas which involved
> network access instead of local access, but I'd be quite concerned with
> security and authentication in that case.

Well, this is exactly the problem I'm currently working on. Security
indeed is a big problem here, as in fact secret data has to be exchanged
somehow, and in many cases this allows bad people to collect shares
until they are able to recreate the secret themselves. On the other hand
GnuPG until now is just an application without daemon-functionality. I
doubt it's economic to change this.

> If you post a short write-up with more details about how you intend to
> implement this, I think you will get feedback that will help you to
> avoid spending time implementing sub-optimal ideas.

Yes, I will do that as soon as I made up some methods of handling the
actions involved in secret sharing. I've already thought about using
existing GnuPG features for establishing secured connections, e.g. via
encrypted emails. But the implementations of this kind of delayed
communication still have to be evaluated.

Greetings, Phil
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: </pipermail/attachments/20080320/dffc5bd5/attachment.pgp>

More information about the Gnupg-devel mailing list