From 99a5321aab580b2caa62559d3b6c016ccf15eb70 Mon Sep 17 00:00:00 2001
From: Joey Hess <joeyh@joeyh.name>
Date: Sat, 11 Mar 2017 11:34:46 -0400
Subject: idea from Thomas S

---
 TODO | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/TODO b/TODO
index 7b56c90..5ddc006 100644
--- a/TODO
+++ b/TODO
@@ -98,3 +98,13 @@ Encryption tunables changes:
   disaster. HKDF may prove more robust in the face of partial SHA-2 breaks.
   Deferred for now until tthere's some other reason to change keysafe's
   tunables.
+* Thomas S points out that All-Or-Nothing Transform could be used to 
+  prevent recovery of a partial key, when not all chunks are available to
+  an attacker. https://en.wikipedia.org/wiki/All-or-nothing_transform
+  For this to add security, there would need to be enough storage locations
+  that they can be partitioned into at least three sets, with the chunks split
+  amoung the three. One chunk probably contains the actual private
+  key material, a second signatures and other cruft, and the last chunk
+  would contain the AONT key. This would require all three sets of servers
+  to combine their material to crack the key. It would then make sense to
+  chunk even small keys.
-- 
cgit v1.2.3