[Cryptography] A two key file/program

[Allen Schaaf]

On 6/9/2019 5:18 PM, Ángel wrote:
> On 2019-06-08 at 19:38 -0700, Allen Schaaf wrote:
>> Hi Vitor and the rest of you,
>>
>> Thanks for the various responses. It is quite helpful in clarifying my
>> thinking.
>>
>> Not being a programmer, some of the answers are beyond me, alas.
>>
>> One thing that I now realize that I did not include is the need for
>> more than just two people to access the file. Just for discussion,
>> lets assume that there are five people, A, B, C, D, E, with an access
>> key. What is needed is one of the ten combinations to cover the the
>> presence/absence issues. So A/B, A/C, A/D, A/E, B/C, B/D, B/E, C/D,
>> C/E, D/E, all ten possibilities would cover presence possibilities.
>>
>> Thanks,
>>
>> Allen
> Shamir's Secret Sharing can do that.
>
> As stated however, by sharing the passwords you are weaking your
> process. Suppose that when auditing the account for 'John', the pair A/B
> found some crookedness. This could be that John made that. Or that C/D
> did that with John account. Or D/E. Or even A/E, and A is now knowingly
> blaming another employee for its miscreants.
>
> And even if John was the guilty on, he will claim he is not and sue
> back, and you cannot prove otherwise.
>
You are quite correct that this is possible. The only protection 
is that every time a pair logs into the file that has the 
passwords a record of the time this is done is kept externally as 
well as a record of the access to the financial system using that 
user name and password. Since two people can not access the 
financial records at the same time the hacking done that way can 
only happen off hours or during a lunch break. Most certainly not 
a perfect scenario but it helps. Fortunately the staff, even the 
manager, are not very computer savvy, but you are correct that it 
needs to be paid attention to.

Best,

Allen


---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus