[Cryptography] Secret sharing for family members

Francis Pouatcha fpo at adorsys.de
Sat Oct 17 07:41:40 EDT 2020


>
> SSDs have a finite lifetime. but lets do this systematically:
>>
>
> Confidentiality - can anyone read the data before they should?
> Integrity - can the data be modified without detection?
> Availability - could we lose the data?
>
I wouldn't rely on any kind of solid enough cryptographic algorithm or
durable enough storage. Time is the enemy of all these properties. Adequate
solution needs a procedure with a lot of rotation of everything, starting
with the secret itself, crypto keys, storage, data, trusted  people,
transparency logs.


> UDF Shamir secrets are simply Base32 strings with separators:
>
>    f(1) = SAYN-KTFM-QSEH-5LYP-HTSI-XEV4-MFCG-E
>    f(2) = SAYR-CV3K-UBS5-PIKF-SUD2-5PGS-IR3H-6
>    f(3) = SAZH-5BO3-QPXT-AZ7Z-YHMJ-YTSZ-TI4R-O
>    f(4) = SAZR-ZV77-F4SI-SAZL-YNLV-IR2S-MKF4-I
>    f(5) = SA2O-YTOV-UIC6-C4W3-TGB5-NJ54-TVXO-Y
>
> The above are five shares with a threshold of three which may be used to
> recover a 128 bit master secret which is a sufficient work factor for the
> non quantum cryptanalysis case. If you want 256 bits, the shares will each
> be twice as long.
>
Secret sharing looks good, but is difficult to apply among common users.
Muss be wrapped into simple to use apps to fulfill its promise.

>
>
>> I wouldn't go fancy with QR codes - a technology that might fade.  Just
>> use a couple of randomly chosen worss - easy for anyone to type, easy to
>> get enough entropy for a portion of a key.
>>
>
> At this point, QR codes will be with us for the next thousand years. There
> might be a better technology but it will supplement, not replace.
>
They do not help, as those images will leak through surveillance cameras we
have installed out there.

>
>
>
>> I don't know of any stock program to do this kind of secret splitting and
>> recombining, but the algorithms are simple enough.  You could include a
>> listing of such a program on the sheet of paper just in case the program
>> itself isn't readily available years from now.  I'd suggest FORTRAN as it's
>> likely to survive us all. :-)
>>
> Just as our earth spins, we will have to rotate everything, including
programming languages. None of the protocols shall depend on a specific
programming language anyway.

-- 
Francis Pouatcha
Technical Lead
adorsys GmbH & Co. KG
https:// <https://adorsys-platform.de/solutions/>www.adorsys.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20201017/c571d26d/attachment.htm>


More information about the cryptography mailing list