diff options
author | Joey Hess <joeyh@joeyh.name> | 2017-03-11 11:34:46 -0400 |
---|---|---|
committer | Joey Hess <joeyh@joeyh.name> | 2017-03-11 11:34:46 -0400 |
commit | 99a5321aab580b2caa62559d3b6c016ccf15eb70 (patch) | |
tree | b09f5893ba2dd1a0cfd85f3dca696126bbef3688 | |
parent | 935e271d04ecd40b0769c1619bce901271c2dac2 (diff) | |
download | keysafe-99a5321aab580b2caa62559d3b6c016ccf15eb70.tar.gz |
idea from Thomas S
-rw-r--r-- | TODO | 10 |
1 files changed, 10 insertions, 0 deletions
@@ -98,3 +98,13 @@ Encryption tunables changes: disaster. HKDF may prove more robust in the face of partial SHA-2 breaks. Deferred for now until tthere's some other reason to change keysafe's tunables. +* Thomas S points out that All-Or-Nothing Transform could be used to + prevent recovery of a partial key, when not all chunks are available to + an attacker. https://en.wikipedia.org/wiki/All-or-nothing_transform + For this to add security, there would need to be enough storage locations + that they can be partitioned into at least three sets, with the chunks split + amoung the three. One chunk probably contains the actual private + key material, a second signatures and other cruft, and the last chunk + would contain the AONT key. This would require all three sets of servers + to combine their material to crack the key. It would then make sense to + chunk even small keys. |