Key safety vs Backup : History of a bad day (key-restoration problem)
atom at smasher.org
Sun Oct 28 11:42:48 CET 2007
On Sun, 28 Oct 2007, Robert J. Hansen wrote:
> Ack! Ack! One time pads! Ack!
> I really, really wish the Vernam cipher was either lesser known or
> better known. If it was lesser known, fewer people would advise ever
> using it. If it was better known, more people would understand its
> phenomenal shortcomings.
> Point blank: unless you can spend a lot of money on training and
> infrastructure, you are almost always better off using conventional
> crypto. The Vernam cipher is /expensive/ to use properly, precisely
> because it is so unforgiving of any kind of failing.
> The secret sharing idea isn't a bad one, but using the Vernam cipher to
> do it is a very bad idea. The Shamir Secret-Sharing Protocol works
> much, much better for this purpose.
used for general purpose crypto; yeah, it sucks. as you mentioned the
training and infrastructure required to deploy it make it impractical. but
the only skill required to hold a share of a secret is to not lose it, and
maybe to destroy it if needed. training and infrastructure issues don't
1) there are some very simple OTP applications that let you use your
favorite random sources (lava-lamp, cosmic-ray detector, CCD camera
watching traffic, etc) and generate cipher text. maybe someone is using an
RSS from slashdot as a random source, but it's just as easy to use a
decent source of entropy.
2) AFAIK the shamir secret sharing protocol is great in theory, but there
just aren't any practical ways to use it (read: applications). i really
don't want to do all that math by hand any time a want to break a secret
into shares, or reassemble them.
i wouldn't generally advocate a vernam cipher for encrypting messages, but
i think it is the best real-world-practical way to do secret sharing (at
least until someone builds an application that ~uses~ a real secret
sharing algorithm). the only practical drawback is that it doesn't support
thresholds... if one share is missing the secret cannot be recovered. the
only way around this is to make sure that each share is held by more than
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
"The hottest places in hell are reserved for those who in
times of great moral crises maintain their neutrality."
-- Dante Aleghieri (1265-1321)
More information about the Gnupg-users