On Sat, 31 Jul 2010, Jakob Schlyter wrote:
> The DNS root key is stored in HSMs. The key backups (maintained by ICANN)
> are encrypted with a storage master key (SMK), created inside the HSM and
> then split among 7 people (aka "Recovery Key Share Holders"). To recover the
> SMK in case of all 4 HSMs going bad, 5 of 7 key shares are required.
> (https://www.iana.org/dnssec/icann-dps.txt section 5.2.4)
>
> According to the FIPS 140-2 Security Policy of the HSM, an AEP Keyper, the
> M-of-N key split is done using a La Grange interpolating Polynomial.

A minor nit... his name was "Lagrange" (one word), not "La Grange" (2 words).
See http://en.wikipedia.org/wiki/Lagrange for further details.

Lagrange interpolating polynomials are widely used in non-crypto numerical
computations (solving differential equations and suchlike).

--
-- "Jonathan Thornburg [remove -animal to reply]" <[email protected]>
   Dept of Astronomy, Indiana University, Bloomington, Indiana, USA
   "Washing one's hands of the conflict between the powerful and the
    powerless means to side with the powerful, not to be neutral."
      -- quote by Freire / poster by Oxfam
