author | Sean Whitton <spwhitton@spwhitton.name> | 2017-08-16 11:41:25 -0700 |
---|---|---|
committer | Sean Whitton <spwhitton@spwhitton.name> | 2017-08-16 11:41:25 -0700 |
commit | 379f036b39e0f7dac360ba04b281f6ea4ce8f20e (patch) | |
tree | 01a86517d6234562088561c3c4b51365ed722807 /doc/todo/Make_the_number_of_shard_servers_configurable/comment_1_4416f7495e2a34a3cdb6f5106beaf582._comment | |
parent | 680449e656820db2b899a8631060cf62359b9b74 (diff) | |
parent | 0229f026b1ae0344c4c052593564800035268d81 (diff) | |
download | keysafe-379f036b39e0f7dac360ba04b281f6ea4ce8f20e.tar.gz |
Merge tag '0.20170811'
tagging package keysafe version 0.20170811
# gpg: Signature made Fri 11 Aug 2017 03:58:54 PM MST
# gpg: using RSA key 28A500C35207EAB72F6C0F25DB12DB0FF05F8F38
# gpg: Good signature from "Joey Hess <joeyh@joeyh.name>" [full]
# Primary key fingerprint: E85A 5F63 B31D 24C1 EBF0 D81C C910 D922 2512 E3C7
# Subkey fingerprint: 28A5 00C3 5207 EAB7 2F6C 0F25 DB12 DB0F F05F 8F38
Diffstat (limited to 'doc/todo/Make_the_number_of_shard_servers_configurable/comment_1_4416f7495e2a34a3cdb6f5106beaf582._comment')
-rw-r--r-- | doc/todo/Make_the_number_of_shard_servers_configurable/comment_1_4416f7495e2a34a3cdb6f5106beaf582._comment | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/doc/todo/Make_the_number_of_shard_servers_configurable/comment_1_4416f7495e2a34a3cdb6f5106beaf582._comment b/doc/todo/Make_the_number_of_shard_servers_configurable/comment_1_4416f7495e2a34a3cdb6f5106beaf582._comment new file mode 100644 index 0000000..1a2871f --- /dev/null +++ b/doc/todo/Make_the_number_of_shard_servers_configurable/comment_1_4416f7495e2a34a3cdb6f5106beaf582._comment @@ -0,0 +1,20 @@ +[[!comment format=mdwn + username="joey" + subject="""comment 1""" + date="2017-04-04T16:19:10Z" + content=""" +You can use --totalshares and --neededshares to configure how many shares +keysafe splits the key into. See also +[[detect_number_of_required_shares_on_restore]]. + +Bear in mind that colluding servers still have to guess the name used to +find the shares to combine, and even then they still have the expensive +work of cracking the password ahead. Splitting the secret across servers is +only an initial line of defense. + +It's debatable whether having a lot of servers would add much security. + +But, keysafe needs more servers in any case. With more than 3 servers, +splits like 3-of-4 and 2-of-4 become usable; these and other parameters are +probably useful in some cases. +"""]] |
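Review bot: In the last paragraph of the added comment, 3-of-4 and 2-of-4 are listed together as "probably useful in some cases" without saying how they differ, and the M-of-N notation is never tied back to the --totalshares and --neededshares options named in the first paragraph. Suggest stating which number corresponds to which option, and noting that a 2-of-4 split lets any two servers combine shares while 3-of-4 requires three, so the choice trades collusion resistance against tolerance for unavailable servers. That would also connect the paragraph to the earlier point that colluding servers still have to guess the name and crack the password, which is the defense that remains once the share threshold is met.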