path: root/doc/todo/Make_the_number_of_shard_servers_configurable/comment_1_4416f7495e2a34a3cdb6f5106beaf582._comment
blob: 1a2871f4d7d47bbf82c12d8d5027c09166f54ca6 (plain)
[[!comment format=mdwn
 username="joey"
 subject="""comment 1"""
 date="2017-04-04T16:19:10Z"
 content="""
You can use --totalshares and --neededshares to configure how many shares
keysafe splits the key into. See also
[[detect_number_of_required_shares_on_restore]].

Bear in mind that colluding servers still have to guess the name used to
find the shares to combine, and even then they still have the expensive
work of cracking the password ahead. Splitting the secret across servers is
only an initial line of defense.

It's debatable whether having a lot of servers would add much security.

But, keysafe needs more servers in any case. With more than 3 servers,
splits like 3-of-4 and 2-of-4 become usable; these and other parameters are
probably useful in some cases.
"""]]