[Cryptography] A two key file/program

Allen Schaaf netsecurity at sound-by-design.com
Sat Jun 8 22:38:38 EDT 2019 

On 5/17/2019 2:29 AM, Vitor Jesus wrote:
> you can use Shamir thresholds for that but I have never seen 
> any commercial software doing it.
>
> It should not be too hard to develop a simple utility that 
> joins the 2 keys into one accepted by a password manager. It 
> just needs a bit of a well-define secure procedure.
>
> v
>
>
> ---
> Vitor Jesus
> http://www.vitorjesus.com
>
>
>
> On Fri, 17 May 2019, 06:41 Allen Schaaf, 
> <netsecurity at sound-by-design.com 
> <mailto:netsecurity at sound-by-design.com>> wrote:
>
>     Hi folks,
>
>     I'm looking for a program or file system to run on Windows
>     7/8.1/10 to keep data protected that requires two separate
>     keys
>     used at the same time to open the file. It needs to be like
>     the
>     missile launching system that was created using two
>     physical keys
>     at the same time to prevent one crazy person from starting
>     a war.
>
>     The goal for the credit union is to encrypt login information
>     used by the staff.
>
>     Each of the staff has six or seven user names and passwords
>     for
>     various local and remote systems. The manager/CEO and
>     assistant
>     manager need to enable access to each account when either
>     there
>     is a potential problem or when they are not available. One
>     example of this need is that US law requires each employee to
>     take a minimum one week vacation so that any fraudulent
>     behavior
>     will be interrupted and also that the transaction they did
>     can be
>     audited without them overseeing the audit process.
>
>     I recall that there is a system like this but I'm unable to
>     find
>     it. Given that it is a very small credit union and that it
>     functions in a lower income market it would be best if it was
>     free or low cost.
>
>     I'm President of the BoD and the primary tech support
>     person in
>     my retirement.
>
>     Thanks,
>
>     Allen
>
>     ---
>     This email has been checked for viruses by Avast antivirus
>     software.
>     https://www.avast.com/antivirus
>
>     _______________________________________________
>     The cryptography mailing list
>     cryptography at metzdowd.com <mailto:cryptography at metzdowd.com>
>     http://www.metzdowd.com/mailman/listinfo/cryptography
>

Hi Vitor and the rest of you,

Thanks for the various responses. It is quite helpful in 
clarifying my thinking.

Not being a programmer, some of the answers are beyond me, alas.

One thing that I now realize that I did not include is the need 
for more than just two people to access the file. Just for 
discussion, lets assume that there are five people, A, B, C, D, 
E, with an access key. What is needed is one of the ten 
combinations to cover the the presence/absence issues. So A/B, 
A/C, A,D, A/E, B/C, B/D, B/E, C/D, C/E, D/E, all ten 
possibilities would cover presence possibilities.

Thanks,

Allen



---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20190608/ff048365/attachment.html>

More information about the cryptography mailing list