Sharing/Storing a private key
Doug Barton
dougb at dougbarton.us
Mon Dec 16 23:41:52 CET 2013

On 12/15/2013 04:58 AM, Peter Lebbing wrote:
> On 14/12/13 21:14, Leo Gaspard wrote:
>> Maybe if you explained what the limitations of ssss are...?
>
> My guess is the fact that ssss only supports secrets up to 1024 bits; if you
> want to share a larger secret you need to do a hybrid approach where you
> symmetrically encrypt the data and then use secret sharing for the randomly
> chosen encryption key.
>
> If I understand Mindiell's message right, his implementation works for larger
> secrets.
>
> But I don't see why you wouldn't just use ssss and the hybrid approach.

I haven't looked at Mindiell's software, but one argument against what
you're suggesting is that it's only as secure as the encryption used in
step 1 of the hybrid approach. The ability to apply SSS to the entire
secret would be quite valuable, although your concern about entropy use
is something that should be addressed explicitly.

Doug

More information about the Gnupg-users mailing list