On 02/07/2013 08:18 AM, simo wrote: > The only problem of doing this is that you need to find out how bad for > gpg encryption it is a partial leak of a key. > Not all encryption algorithm have linear resistance to attack based on > the number of bits of the key leaked.
Nick is proposing using SSSS, which (if i understand the theory correctly) doesn't leak any information about the secret material until the correct number of pieces are assembled in one place (at which point the entire secret is available). https://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing So i don't think nick's proposal should leak any of the bits of the key. That said, i haven't thought through Nick's proposal at all, so i can neither endorse nor critique it. Neat idea, though. hth, --dkg
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Freedombox-discuss mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
