[Cryptography] Key escrow scheme
John Gilmore
gnu at toad.com
Tue Apr 11 16:06:43 EDT 2017
> I encrypt the RSA private key in AES 256 and store it on a cloud
> service as the first step.
This seems to me to be the single-point-of-failure-prone step. Why do
you think that the "cloud" will still deliver up this small opaque bag
of bits many years from now when the share-holders so desparately need
it? Is somebody paying the bill for that storage all along? Can that
person decline to pay, some year, and unilaterally make the recovery
key disappear? Or, if the bill-payer is authorized over this account,
can't they just submit a request to delete this blob? What happens to
your system's data when the cloud storage company fails (after clouds
are replaced by vapor, for example, as the trendy new tech company VC
fad)?
I thought that the point of secret-sharing was to distribute the
needed information in such a way that no single point of failure could
cause the information to be lost. And that e.g. a 3-out-of-7 secret
share would mean that four failures would still not disable the
ability of the remaining three to recover the secret. Thinking this
way suggests that the entire "recovery blob" should be stored INSIDE
the shared secret, rather than being encrypted by the shared secret.
John
More information about the cryptography
mailing list