Protecting private key on USB flash drive: how to? // secret-sharing

Roscoe eocsor at gmail.com
Tue May 13 08:24:40 CEST 2008


I would have thought the 'secret' in shamirs secret sharing scheme
could be an arbitrary piece of data?


On Mon, May 12, 2008 at 1:28 PM,  <vedaal at hush.com> wrote:
> Roscoe eocsor at gmail.com
>  wrote Mon May 12 09:02:32 CEST 2008 :
>
>  >> For my curiosity, has anyone used threshold (split-key)
>  >> crypto for key protection?
>
>  > http://point-at-infinity.org/ssss/ works good for passwords to
>  keys :)
>
>  no,
>  the Shamir split-key/secret sharing,
>  works for shares of 'keys',
>  not for passwords
>
>  here is a quote from the site:
>
>  =====[begin quote]=====
>  Note that Shamir's scheme is provable secure, that means: in a
>  (t,n) scheme one can prove that it makes no difference whether an
>  attacker has t-1 valid shares at his disposal or none at all; as
>  long as he has less than t shares, there is no better option than
>  guessing to find out the secret.
>  =====[end quote]=====
>
>  key structures are much more complex than passphrases
>
>  example:
>  assume a passphrase of 16 characters that is shared among two people
>  each having 8 characters protected by Shamir's secret sharing
>
>  even though each person cannot 'decrypt' the other person's 'share',
>  (that part is true),
>  each one can start from scratch and do a brute force attack on the
>  other 8 characters when combined with the 8 characters already
>  known, and recover the passphrase
>
>  when Shamir uses the technique to share 'Keys'
>  the 'key', which is far more complex than a simple password string,
>  cannot be reconstructed from a brute force attack, even when t-1
>  shares are known
>
>  'split-keys' have been used by pgp since 6.x,
>  (usually for 'corporate signing'
>  when a certain majority t/n is needed for approval of a measure,
>  although it could work as well for decrypting too)
>
>
>  vedaal
>
>  any ads or links below this message are added by hushmail without
>  my endorsement or awareness of the nature of the link
>
>  --
>  Need cash? Apply now for a credit loan with fast approval.
>  http://tagline.hushmail.com/fc/Ioyw6h4d9GyhnVARCGdPmzeVF7VYG3XQdmdONDdZwRPnO8sWSVh0pp/
>
>
>  _______________________________________________
>  Gnupg-users mailing list
>  Gnupg-users at gnupg.org
>  http://lists.gnupg.org/mailman/listinfo/gnupg-users
>



More information about the Gnupg-users mailing list