Thursday, May 17, 2018

Shamir's Secret Sharing Scheme


Using a one-time-pad scheme it is possible to store a password (combination, account number, etc.) by dividing it into multiple parts. All parts, or shares, of the encrypted password must be combined before the final password can be revealed. Of course, you cannot simply cut a password in half or into quarters: that would reveal part of it outright, give clues to the rest, and reduce the number of combinations that would have to be tried before the whole password was recovered.

Shamir's secret sharing scheme is especially useful in situations where you feel uncomfortable sharing a secret with others and have doubts about the reliability of some of them. You don't want one of them to misuse the secret behind the others' backs. A person might be entitled to have the secret information, but that doesn't mean you trust him to have full control over it. With secret splitting, misuse or unauthorized disclosure of the secret is impossible as long as there is at least one reliable person among the shareholders. And what's really useful: more people holding shares means more security, because more of them have to agree before the shares can be put together. That is just the opposite of sharing the secret itself, where more people means more risk.

Dirk Rijmenants has published a mathematical method of splitting a password (or another secret) among multiple people.  
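To make the two ideas above concrete, here is a small Python implementation added for this post; it is not code from the original article, from Dirk Rijmenants, or from any of the tools linked below. It shows both the one-time-pad style split from the first paragraph (every share is needed, and any subset short of all of them is just random bytes) and Shamir's threshold scheme (any k of n shares rebuild the secret via polynomial interpolation over a prime field). The prime 2^127 - 1, the 15-byte limit on the secret, and all function names are choices made for this example.

```python
import secrets

# Shamir's scheme works over a prime field. 2^127 - 1 is a Mersenne prime, so any
# secret of at most 15 bytes fits below it. (Example choice; a real tool would pick
# a prime larger than whatever secret it needs to share.)
PRIME = 2**127 - 1


def _eval_poly(coeffs, x, p):
    """Evaluate coeffs[0] + coeffs[1]*x + coeffs[2]*x^2 + ... (mod p) by Horner's rule."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % p
    return acc


def shamir_split(secret, k, n, p=PRIME):
    """Split integer `secret` into n shares so that any k of them reconstruct it.

    The secret is the constant term of a random polynomial of degree k-1; share i
    is the point (i, f(i)). With fewer than k points the polynomial is undetermined,
    so those holders learn nothing about f(0).
    """
    if not (1 <= k <= n < p) or not (0 <= secret < p):
        raise ValueError("need 1 <= k <= n < p and 0 <= secret < p")
    coeffs = [secret] + [secrets.randbelow(p) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x, p)) for x in range(1, n + 1)]


def shamir_recover(shares, p=PRIME):
    """Lagrange interpolation at x = 0 over GF(p).

    Supply at least k distinct shares. Extra shares are harmless (they lie on the
    same polynomial); fewer than k give a wrong value rather than an error.
    """
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % p
                den = (den * (xi - xj)) % p
        total = (total + yi * num * pow(den, -1, p)) % p
    return total


def int_from_secret(text):
    """Encode a short password as an integer below PRIME (15 bytes max here)."""
    raw = text.encode("utf-8")
    if len(raw) > 15:
        raise ValueError("secret too long for this example's field")
    return int.from_bytes(raw, "big")


def secret_from_int(value):
    """Inverse of int_from_secret. Leading NUL bytes would be lost; a real tool
    would store a length or use a larger, fixed-width encoding."""
    return value.to_bytes((value.bit_length() + 7) // 8, "big").decode("utf-8")


def xor_split(secret_bytes, n):
    """One-time-pad style n-of-n split: n-1 random pads plus the XOR of the secret
    with all of them. Every share is required; any n-1 shares are uniformly random."""
    if n < 2:
        raise ValueError("need at least two shares")
    pads = [secrets.token_bytes(len(secret_bytes)) for _ in range(n - 1)]
    last = bytes(secret_bytes)
    for pad in pads:
        last = bytes(a ^ b for a, b in zip(last, pad))
    return pads + [last]


def xor_join(shares):
    """XOR all shares back together; missing even one share yields random bytes."""
    out = bytes(len(shares[0]))
    for s in shares:
        if len(s) != len(out):
            raise ValueError("shares must all have the same length")
        out = bytes(a ^ b for a, b in zip(out, s))
    return out


if __name__ == "__main__":
    # Constructed sample secret for the demonstration.
    pw = "hunter2"
    shares = shamir_split(int_from_secret(pw), k=3, n=5)
    print("any 3 of 5:", secret_from_int(shamir_recover(shares[1:4])))
    print("only 2 of 5 (garbage):", shamir_recover(shares[:2]) == int_from_secret(pw))
    parts = xor_split(pw.encode(), 4)
    print("all 4 OTP shares:", xor_join(parts).decode())
```

The two schemes differ in exactly the way the text describes: the XOR split is the "all shares must be combined" case, while Shamir's scheme lets you choose the threshold, so a lost or uncooperative shareholder does not lock everyone out. In both, a share alone carries no information about the secret; the security comes from the randomness of the pads or polynomial coefficients, so the random source must be a proper one (here Python's `secrets` module).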

Computer based implementations of Shamir's Secret Sharing Scheme can be seen on these web-sites:

https://secrets.dyne.org/

http://point-at-infinity.org/ssss/

https://iancoleman.io/shamir39/

http://www.asecuritysite.com/Encryption/shamir

Don't rely on any web-site to split and restore your secrets. If the web-site is down or gone at some future time, you would be unable to restore your secret from the divided shares. You can, however, download these programs to your local machine, which gives you greater control over their use and availability in the future. Generally speaking, however, I prefer the pen and paper method of secret splitting, since it is always available and more secure than a system run on a computer that could potentially be compromised.
