Is this the first ever practically-deployed use of a threshold scheme?

Jerry Leichter leichter at lrw.com
Mon Aug 2 06:22:43 EDT 2010 

On Aug 2, 2010, at 2:30 AM, Peter Gutmann wrote:

> Jerry Leichter <leichter at lrw.com> writes:
>
>> One could certainly screw up the design of a recovery system, but one
>> would have to try.  There really ought not be that much of difference
>> between recovering from m pieces and recovering from one.
>
> There's a *huge* difference, see my previous posting on this the  
> last time the
> topic came up,
> http://www.mail-archive.com/cryptography@metzdowd.com/msg07671.html:
>
>  the cognitive load imposed is just so high that most users can't  
> cope with
>  it, particularly since they're already walking on eggshells because  
> they're
>  working on hardware designed to fail closed (i.e. lock everythi  ng  
> out) if
>  you as much as look at it funny....
Well ... we do have a history of producing horrible interfaces.

Here's how I would do it:  Key segments are stored on USB sticks.   
There's a spot on the device with m USB slots, two buttons, and red  
and green LED's.   You put your "USB keys" into the slots and push the  
first button.  If the red LED lights - you don't have enough sticks,  
or they aren't valid.  If the green LED lights, you have a valid key.   
If the green LED lights, you push the second button (which is  
otherwise disabled), and the device loads your key.  (The device could  
also create the USB sticks initially by having a "save key" setting -  
probably controlled by a key lock.  "Voting out" and replacing a  
segment requires a bit more, but could be designed along similar lines.)

You can use some kind of secure USB stick if you like.  The content of  
a USB stick is standard - there has to be a file with a known name and  
some simple format, so it's easy to re-create a USB stick from a paper  
copy of the key.

Since specialized hardware is expensive, you can approximate this  
process with software (assuming you get a competent designer).  You  
can get by with only one USB slot, but given the tiny cost of USB hubs  
- I can buy a complete 10-port USB hub, power adapter included,  
shipped free, for less than $16 at mertiline.com, for example (and  
that's gross overkill) - it's probably worth it to give users a nice  
physical "feel" of inserting multiple keys into multiple locks.

I just don't see the great cognitive load involved, if the problem is  
presented properly.
                                                         -- Jerry


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list