[Cryptography] A two key file/program

Phillip Hallam-Baker phill at hallambaker.com
Sun May 19 00:01:44 EDT 2019


On Fri, May 17, 2019 at 1:40 AM Allen Schaaf <netsecurity at sound-by-design.com> wrote:

> Hi folks,
>
> I'm looking for a program or file system to run on Windows
> 7/8.1/10 to keep data protected that requires two separate keys
> used at the same time to open the file. It needs to be like the
> missile launching system that was created using two physical keys
> at the same time to prevent one crazy person from starting a war.
>
> The goal for the credit union is to encrypt login information
> used by the staff.
>
> Each of the staff has six or seven user names and passwords for
> various local and remote systems. The manager/CEO and assistant
> manager need to enable access to each account when either there
> is a potential problem or when they are not available. One
> example of this need is that US law requires each employee to
> take a minimum one week vacation so that any fraudulent behavior
> will be interrupted and also that the transaction they did can be
> audited without them overseeing the audit process.
>
> I recall that there is a system like this but I'm unable to find
> it. Given that it is a very small credit union and that it
> functions in a lower income market it would be best if it was
> free or low cost.
>
> I'm President of the BoD and the primary tech support person in
> my retirement.
>
> Thanks,
>
> Allen
>

Splitting keys is fairly straightforward; Shamir secret sharing does the
job.
http://mathmesh.com/Documents/draft-hallambaker-mesh-udf.html

But that doesn't meet your requirements as stated and to get the best
solution you probably want to step back and look at the security of the
system rather than the security of the passwords. Passwords are a terrible
security mechanism to be avoided whenever possible. Unfortunately, that is
rarely possible right now.

I am working on a system that might eventually be relevant but is not going
to be ready for that type of application this year.