Protecting private key on USB flash drive: how to? // secret-sharing

vedaal at hush.com vedaal at hush.com
Mon May 12 15:28:55 CEST 2008


Roscoe eocsor at gmail.com
wrote Mon May 12 09:02:32 CEST 2008 :

>> For my curiosity, has anyone used threshold (split-key)
>> crypto for key protection? 

> http://point-at-infinity.org/ssss/ works good for passwords to keys :)

no,
the Shamir split-key/secret sharing,
works for shares of 'keys',
not for passwords

here is a quote from the site:

=====[begin quote]=====
Note that Shamir's scheme is provable secure, that means: in a 
(t,n) scheme one can prove that it makes no difference whether an 
attacker has t-1 valid shares at his disposal or none at all; as 
long as he has less than t shares, there is no better option than 
guessing to find out the secret.
=====[end quote]=====

key structures are much more complex than passphrases

example:
assume a passphrase of 16 characters that is shared among two people
each having 8 characters protected by Shamir's secret sharing

even though each person cannot 'decrypt' the other person's 'share',
(that part is true),
each one can start from scratch and do a brute force attack on the 
other 8 characters when combined with the 8 characters already 
known, and recover the passphrase

when Shamir uses the technique to share 'Keys'
the 'key', which is far more complex than a simple password string,
cannot be reconstructed from a brute force attack, even when t-1 
shares are known

'split-keys' have been used by pgp since 6.x,
(usually for 'corporate signing'
when a certain majority t/n is needed for approval of a measure,
although it could work as well for decrypting too)


vedaal 
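
The (t,n) property quoted above from the ssss site, shown as an added example that is not part of the original message and is not the ssss code: with t-1 shares in hand, every candidate secret is still consistent with some valid missing share, so the known shares rule nothing out. The field prime, function names and the sample secret are assumptions constructed for this demonstration.

```python
import secrets

P = 2**127 - 1  # prime field modulus (assumed for this demo; must exceed the secret)
SECRET = int.from_bytes(b"constructed-key", "big")  # constructed 15-byte sample secret

def split(secret, t, n):
    """Return n points on a random degree-(t-1) polynomial f with f(0) = secret."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    return [(x, sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P)
            for x in range(1, n + 1)]

def interpolate_at(points, x0):
    """Lagrange-interpolate the polynomial through `points`, evaluate it at x0."""
    total = 0
    for j, (xj, yj) in enumerate(points):
        num = den = 1
        for m, (xm, _) in enumerate(points):
            if m != j:
                num = num * (x0 - xm) % P
                den = den * (xj - xm) % P
        total = (total + yj * num * pow(den, -1, P)) % P
    return total

def recover(shares):
    """Combine t shares: the secret is the polynomial's value at x = 0."""
    return interpolate_at(shares, 0)

def consistent_share(known, guess, x):
    """Given t-1 known shares, return the share value at x that would make
    `guess` the secret. One exists for every guess, so t-1 shares leak nothing."""
    return interpolate_at([(0, guess)] + known, x)

if __name__ == "__main__":
    shares = split(SECRET, t=3, n=5)
    print("any 3 of 5 shares recover the secret:", recover(shares[1:4]) == SECRET)

    known = shares[:2]  # a holder of only t-1 = 2 shares
    for guess in (0, 42, SECRET):
        y = consistent_share(known, guess, 3)
        # The two known shares plus this hypothetical third share give `guess`.
        print("guess", guess, "is consistent:", recover(known + [(3, y)]) == guess)
```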


More information about the Gnupg-users mailing list