Sharing/Storing a private key
Peter Lebbing
peter at digitalbrains.com
Sun Dec 15 13:58:58 CET 2013
On 14/12/13 21:14, Leo Gaspard wrote:
> Maybe if you explained what the limitations of ssss are...?
My guess is the fact that ssss only supports secrets up to 1024 bits; if you
want to share a larger secret you need to do a hybrid approach where you
symmetrically encrypt the data and then use secret sharing for the randomly
chosen encryption key.
If I understand Mindiell's message right, his implementation works for larger
secrets.
But I don't see why you wouldn't just use ssss and the hybrid approach. For one,
it uses much less entropy, since Shamir's secret sharing algorithm requires a
lot of it, I believe proportional to the size of the data to be shared. I
haven't checked the code by Mindiell, but this sounds like a potentially big issue.
It seems to me the hybrid approach is better. Since ssss supports the hybrid
approach, I don't see the need for a new tool. I do see use for a much simpler
tool that makes the hybrid approach more accessible: pick a random key, and use
that for invocations of both (openssl or gnupg) and ssss.
HTH,
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
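The hybrid approach Peter describes, as an added example that is not part of this thread: the data is encrypted under a random symmetric key (with `gpg --symmetric`, not shown here), and only that short key is split with Shamir's scheme. The arithmetic below is a stdlib-only prime-field implementation over p = 2^521 - 1, an assumption of this example rather than what ssss itself uses; the k-1 random field elements per split illustrate why the entropy cost scales with the size of what is shared.

```python
"""Shamir secret sharing of a random symmetric key over GF(p), p = 2**521 - 1."""
import secrets

# Mersenne prime; any secret below 2**521 (e.g. a 256-bit key) fits in the field.
P = 2**521 - 1


def _eval_poly(coeffs, x):
    """Evaluate a polynomial (coeffs[0] is the constant term) at x, modulo P."""
    acc = 0
    for c in reversed(coeffs):  # Horner's rule
        acc = (acc * x + c) % P
    return acc


def split_secret(secret, k, n):
    """Split an integer secret into n shares; any k of them reconstruct it.

    k-1 random coefficients of field size are drawn, so the entropy spent
    grows with the secret size: share a key, not the whole file.
    """
    if not 0 <= secret < P:
        raise ValueError("secret must be a non-negative integer below P")
    if not 1 <= k <= n:
        raise ValueError("need 1 <= k <= n")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def recover_secret(shares):
    """Recover the secret from (x, y) shares via Lagrange interpolation at x = 0.

    With fewer than k shares this returns a wrong value, not an error: the
    scheme gives no hint whether the result is right, which is the point.
    """
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret


def hybrid_key_shares(k=3, n=5):
    """Pick a fresh 256-bit key for the symmetric step and return it with its shares."""
    key = secrets.randbits(256)  # constructed here; feed it to gpg --symmetric
    return key, split_secret(key, k, n)
```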