[Dev] [RFC] backups

Luke g4jc at openmailbox.org
Sat Jul 9 13:58:48 GMT 2016


On 07/08/2016 06:21 PM, IngeGNUe wrote:
>> If it's encrypted, who holds the
>> decryption keys?  
> Decryption keys are an interesting security problem. One person could
> know the password and 10 could store the keys somewhere, BUT then you
> have 11 times (or whatever) the chance that some cracker will find it
> and brute force the keys. Since they're decryption keys, I don't recall
> any way you could set a lockout for incorrect attempts.
>
> The safest storage for keys is offline.
>
> Parabola's non-hierarchical organization conflicts with the assumptions
> of hierarchical management most of this infrastructural software
> assumes. This is a fault of the software design, not Parabola hackers.
>
> I'm not sure how to solve this problem, but I thought I'd take a stab.

I've never tried it, but would like to bring attention to the following
two programs included in Tails, which are designed to create a
non-hierarchical key arrangement for this exact purpose.

gfshare: http://www.digital-scurf.org/software/libgfshare

ssss: http://point-at-infinity.org/ssss/

To quote the algorithm:
*Shamir's Secret Sharing* is an algorithm
<https://en.wikipedia.org/wiki/Algorithm> in cryptography
<https://en.wikipedia.org/wiki/Cryptography> created by Adi Shamir
<https://en.wikipedia.org/wiki/Adi_Shamir>. It is a form of secret
sharing <https://en.wikipedia.org/wiki/Secret_sharing>, where a secret
is divided into parts, giving each participant its own unique part,
where some of the parts or all of them are needed in order to
reconstruct the secret.


In other words, no one holds the complete key, but as long as "x amount"
of developers still hold parts of the key, each one can come together to
unlock the file.
