On Tue, Apr 22, 2014 at 9:15 AM, Michael Rogers <[email protected]> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Hi Dave,
>
> I've recently been thinking about a similar problem for a P2P messaging app I'm working on, where the messages and contact list are stored on the user's device, encrypted with a key derived from her password. If the user forgets the password, everything's lost.
>
> The approach I'm considering may or may not be suitable for Inky - it's based on some assumptions about users being able to meet face to face, bringing with them the devices they use for messaging. But if that sounds like it might be suitable for some of your users, here's the idea:
>
> * Derive a key from the user's password
> * Split the key into n shares using a secret-sharing algorithm, such that any k shares are sufficient to reconstruct the key, 2 < k < n
> * Store two shares unencrypted on the user's device
> * Give the other n-2 shares to trusted friends (this can be done in-band, and the shares can be stored in the friends' own accounts)
> * The friends don't have enough shares to reconstruct the key even if they collude
They do, if n-2 >= k.

But I like the idea of doing backup with a k-of-n quorum of friends (or more generally - public keys). I would assume you know your friends' public keys, do a k-of-n share of a symmetric key used to encrypt the backup data, then encrypt each share under one of the public keys. Then store all ciphertext in a backup file you widely distribute (containing both the encrypted shares and encrypted backup data).

The nice thing about this is you can use your friends for backup without ever contacting them, except in the event of recovery.

Trevor

_______________________________________________
Messaging mailing list
[email protected]
https://moderncrypto.org/mailman/listinfo/messaging
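The threshold arithmetic both messages turn on, as an added example that is not code from either poster: a key is derived from a password, split byte-wise with Shamir secret sharing over GF(256), and recombined from any k shares. With Michael's layout (two shares kept on the device, n-2 given to friends) the `demo` function checks whether the friends' shares alone recover the key, which is exactly the n-2 >= k condition Trevor points out. The password, salt, and share distribution are constructed for the example; wrapping each share under a friend's public key, as Trevor proposes, is left out so the block runs with the standard library only.

```python
"""Shamir k-of-n secret sharing over GF(256) for a password-derived key.

Added example for the thread above, not the posters' code. The field is
GF(2^8) with the AES reduction polynomial; each byte of the secret is the
constant term of its own random polynomial of degree k-1.
"""
import hashlib
import secrets


def gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11B)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r


def gf_inv(a: int) -> int:
    """Inverse via a^(2^8 - 2), since a^255 == 1 for nonzero a."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse in GF(256)")
    r, e = 1, 254
    while e:
        if e & 1:
            r = gf_mul(r, a)
        a = gf_mul(a, a)
        e >>= 1
    return r


def eval_poly(coeffs: list, x: int) -> int:
    """Horner evaluation; coeffs[0] is the constant term (the secret byte)."""
    r = 0
    for c in reversed(coeffs):
        r = gf_mul(r, x) ^ c
    return r


def split(secret: bytes, k: int, n: int) -> list:
    """Return n shares (x, y_bytes), any k of which reconstruct `secret`."""
    if not 1 < k <= n < 256:
        raise ValueError("need 1 < k <= n < 256")
    polys = [[b] + [secrets.randbelow(256) for _ in range(k - 1)] for b in secret]
    return [(x, bytes(eval_poly(p, x) for p in polys)) for x in range(1, n + 1)]


def combine(shares: list) -> bytes:
    """Lagrange interpolation at x = 0, per byte. With fewer than k shares the
    result is a different polynomial's constant term, i.e. garbage, not an error."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    out = bytearray(len(shares[0][1]))
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if j != i:
                num = gf_mul(num, xj)        # (0 - xj) == xj in characteristic 2
                den = gf_mul(den, xj ^ xi)   # (xi - xj) == xi ^ xj
        lam = gf_mul(num, gf_inv(den))
        for b, y in enumerate(yi):
            out[b] ^= gf_mul(y, lam)
    return bytes(out)


def derive_key(password: str, salt: bytes) -> bytes:
    """Password -> 256-bit key (PBKDF2-HMAC-SHA256; the KDF choice is illustrative)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000, dklen=32)


def friends_can_reconstruct(k: int, n: int, kept_on_device: int = 2) -> bool:
    """Trevor's observation: the n-2 shares held by friends suffice iff n-2 >= k."""
    return n - kept_on_device >= k


def demo(k: int = 3, n: int = 5) -> dict:
    """Split a derived key as in Michael's layout and report who can recover it."""
    salt = b"constructed-salt-for-example"          # constructed, not a real deployment value
    key = derive_key("correct horse battery staple", salt)
    shares = split(key, k, n)
    device, friends = shares[:2], shares[2:]
    return {
        "k_shares_recover": combine(shares[:k]) == key,
        "k_minus_1_fail": combine(shares[:k - 1]) != key,
        "friends_alone": combine(friends) == key,
        "friends_alone_predicted": friends_can_reconstruct(k, n),
        "device_plus_one_friend": combine(device + friends[:1]) == key,
    }


if __name__ == "__main__":
    print("k=3, n=5:", demo(3, 5))   # friends hold 3 >= 3 shares: they can collude
    print("k=4, n=5:", demo(4, 5))   # friends hold 3 < 4 shares: they cannot
```

With k=3, n=5 the three friend shares reconstruct the key on their own, which is Trevor's point; raising k to 4 with the same n leaves the friends one share short, but then losing the device plus any single friend also loses the key, so k has to be chosen against both the collusion and the availability case.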
