[Cryptography] A two key file/program
netsecurity at sound-by-design.com
Fri Jun 14 01:35:39 EDT 2019
On 6/9/2019 5:18 PM, Ángel wrote:
> On 2019-06-08 at 19:38 -0700, Allen Schaaf wrote:
>> Hi Vitor and the rest of you,
>> Thanks for the various responses. It is quite helpful in clarifying my
>> Not being a programmer, some of the answers are beyond me, alas.
>> One thing that I now realize that I did not include is the need for
>> more than just two people to access the file. Just for discussion,
>> lets assume that there are five people, A, B, C, D, E, with an access
>> key. What is needed is one of the ten combinations to cover the the
>> presence/absence issues. So A/B, A/C, A/D, A/E, B/C, B/D, B/E, C/D,
>> C/E, D/E, all ten possibilities would cover presence possibilities.
> Shamir's Secret Sharing can do that.
> As stated however, by sharing the passwords you are weaking your
> process. Suppose that when auditing the account for 'John', the pair A/B
> found some crookedness. This could be that John made that. Or that C/D
> did that with John account. Or D/E. Or even A/E, and A is now knowingly
> blaming another employee for its miscreants.
> And even if John was the guilty on, he will claim he is not and sue
> back, and you cannot prove otherwise.
You are quite correct that this is possible. The only protection
is that every time a pair logs into the file that has the
passwords a record of the time this is done is kept externally as
well as a record of the access to the financial system using that
user name and password. Since two people can not access the
financial records at the same time the hacking done that way can
only happen off hours or during a lunch break. Most certainly not
a perfect scenario but it helps. Fortunately the staff, even the
manager, are not very computer savvy, but you are correct that it
needs to be paid attention to.
This email has been checked for viruses by Avast antivirus software.
More information about the cryptography