On 14/12/13 21:14, Leo Gaspard wrote:
> Maybe if you explained what the limitations of ssss are...?

My guess is the fact that ssss only supports secrets up to 1024 bits; if you want to share a larger secret you need to do a hybrid approach where you symmetrically encrypt the data and then use secret sharing for the randomly chosen encryption key.

If I understand Mindiell's message right, his implementation works for larger secrets. But I don't see why you wouldn't just use ssss and the hybrid approach. For one, it uses much less entropy, since Shamir's secret sharing algorithm requires a lot of it, I believe proportional to the size of the data to be shared. I haven't checked the code by Mindiell, but this sounds like a potentially big issue.

It seems to me the hybrid approach is better. Since ssss supports the hybrid approach, I don't see the need for a new tool. I do see use for a much simpler tool that makes the hybrid approach more accessible: pick a random key, and use that for invocations of both (openssl or gnupg) and ssss.

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
