Sharing/Storing a private key

Doug Barton dougb at
Mon Dec 16 23:41:52 CET 2013

On 12/15/2013 04:58 AM, Peter Lebbing wrote:
> On 14/12/13 21:14, Leo Gaspard wrote:
>> Maybe if you explained what the limitations of ssss are...?
> My guess is the fact that ssss only supports secrets up to 1024 bits; if you
> want to share a larger secret you need to do a hybrid approach where you
> symmetrically encrypt the data and then use secret sharing for the randomly
> chosen encryption key.
> If I understand Mindiell's message right, his implementation works for larger
> secrets.
> But I don't see why you wouldn't just use ssss and the hybrid approach.

I haven't looked at Mindiell's software, but one argument against what 
you're suggesting is that it's only as secure as the encryption used in 
step 1 of the hybrid approach. The ability to apply SSS to the entire 
secret would be quite valuable, although your concern about entropy use 
is something that should be addressed explicitly.


More information about the Gnupg-users mailing list