Sharing/Storing a private key

Peter Lebbing peter at digitalbrains.com
Sun Dec 15 13:58:58 CET 2013


On 14/12/13 21:14, Leo Gaspard wrote:
> Maybe if you explained what the limitations of ssss are...?

My guess is the fact that ssss only supports secrets up to 1024 bits; if you
want to share a larger secret you need to do a hybrid approach where you
symmetrically encrypt the data and then use secret sharing for the randomly
chosen encryption key.

If I understand Mindiell's message right, his implementation works for larger
secrets.

But I don't see why you wouldn't just use ssss and the hybrid approach. For one,
it uses much less entropy, since Shamir's secret sharing algorithm requires a
lot of it, I believe proportional to the size of the data to be shared. I
haven't checked the code by Mindiell, but this sounds like a potentially big issue.

It seems to me the hybrid approach is better. Since ssss supports the hybrid
approach, I don't see the need for a new tool. I do see use for a much simpler
tool that makes the hybrid approach more accessible: pick a random key, and use
that for invocations of both (openssl or gnupg) and ssss.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
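The hybrid approach Peter describes, as an added example that is not part of the original post or of ssss: the bulk data is encrypted under a fresh 256-bit key and only that key is Shamir-shared, so the entropy spent on random coefficients stays proportional to the key, not the data. The prime field (2^521-1) and the SHAKE256 keystream standing in for the openssl/gnupg symmetric step are my assumptions, not anything the thread specifies.

```python
import hashlib
import secrets
from typing import List, Tuple

# Mersenne prime 2^521-1 (assumed field): any secret up to 520 bits, so any
# 256-bit key, fits in one field element, much like ssss's 1024-bit limit.
P = 2**521 - 1

def split_secret(secret: int, k: int, n: int) -> List[Tuple[int, int]]:
    """Shamir split: k-of-n shares of one field element."""
    assert 0 <= secret < P and 1 < k <= n
    # Each of the k-1 random coefficients costs as much entropy as the secret
    # itself; sharing a short key instead of the bulk data keeps that small.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):          # Horner evaluation of f(x)
            y = (y * x + c) % P
        shares.append((x, y))
    return shares

def recover_secret(shares: List[Tuple[int, int]]) -> int:
    """Lagrange interpolation at x=0 over any k distinct shares."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret

def keystream_xor(key: bytes, data: bytes) -> bytes:
    # Stand-in for the "openssl or gnupg" symmetric step: an unauthenticated
    # SHAKE256 keystream, used only because the key below is never reused.
    ks = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def hybrid_split(data: bytes, k: int, n: int):
    """Encrypt data under a fresh 256-bit key and share only the key."""
    key = secrets.token_bytes(32)
    ciphertext = keystream_xor(key, data)
    return ciphertext, split_secret(int.from_bytes(key, "big"), k, n)

def hybrid_recover(ciphertext: bytes, shares: List[Tuple[int, int]]) -> bytes:
    """Rebuild the key from k shares, then decrypt the bulk data."""
    key = recover_secret(shares).to_bytes(32, "big")
    return keystream_xor(key, ciphertext)
```

Any k of the n shares recover the key; fewer than k leave it uniformly random in the field, which is why the threshold, not the share count, is the security parameter.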
