Re: (Short) Intro and question
On Sat, 06 Jan 2007 13:13:32 -0800 Allen [EMAIL PROTECTED] wrote:

> Hi everyone,
>
> I'm Allen Schaaf and I'm primarily an information security analyst - I try to look at things like a total stranger and ask all the dumb questions hoping to stumble on one or two that hadn't been asked before that will reveal a potential risk. I'm currently consulting at a very large HMO and finding that there are lots of questions that have not been asked so I'm having fun.
>
> One of the questions that I have been raising is trust and how to ensure that it is not misplaced or eroded over time. Which leads me to my question for the list: I can see easily how to do split key for 2 out of x for key recovery, but I can't seem to find a reference to the 3 out of x problem.
>
> In case I have not been clear enough, it is commonly known that it is harder to get collusion when three people need to act together than when there are just two. For most encryption 2 out of x is just fine, but some things need a higher level of security than 2 out of x can provide.

There's a vast literature on the subject. The classic paper is "How to Share a Secret", by Shamir, Comm. ACM 22:11, Nov 1979. Gus Simmons published a survey of the field about 10 years ago, but I don't have the citation handy.

I've always been fond of "Cryptographic sealing for information secrecy and authentication", David Gifford, Comm. ACM 25:4, April 1982, but remarkably few people seem to have heard of it -- even Simmons was surprised when I mentioned it to him.

--Steve Bellovin, http://www.cs.columbia.edu/~smb

The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: (Short) Intro and question
Allen wrote:

> One of the questions that I have been raising is trust and how to ensure that it is not misplaced or eroded over time. Which leads me to my question for the list: I can see easily how to do split key for 2 out of x for key recovery, but I can't seem to find a reference to the 3 out of x problem.

Read Shamir's original paper:

http://www.cs.tau.ac.il/~bchor/Shamir.html

and the Wikipedia page:

http://en.wikipedia.org/wiki/Secret_sharing

-- Ivan Krstić [EMAIL PROTECTED] | GPG: 0x147C722D

Re: (Short) Intro and question
I think you are looking for the m of n solution, or commonly known as shared secret, which can be implemented using Shamir's or Blakley's scheme.

You can find an open source implementation of Shamir's scheme @ http://point-at-infinity.org//

or for more info check out the Wikipedia entry: http://en.wikipedia.org/wiki/Secret_sharing

saqib
http://www.full-disk-encryption.net

On 1/6/07, Allen [EMAIL PROTECTED] wrote:

> Hi everyone,
>
> I'm Allen Schaaf and I'm primarily an information security analyst - I try to look at things like a total stranger and ask all the dumb questions hoping to stumble on one or two that hadn't been asked before that will reveal a potential risk. I'm currently consulting at a very large HMO and finding that there are lots of questions that have not been asked so I'm having fun.
>
> One of the questions that I have been raising is trust and how to ensure that it is not misplaced or eroded over time. Which leads me to my question for the list: I can see easily how to do split key for 2 out of x for key recovery, but I can't seem to find a reference to the 3 out of x problem.
>
> In case I have not been clear enough, it is commonly known that it is harder to get collusion when three people need to act together than when there are just two. For most encryption 2 out of x is just fine, but some things need a higher level of security than 2 out of x can provide.
>
> Thanks for any tips, ideas, solutions, or pointers.
>
> Allen Schaaf
> Information Security Analyst
> Certified Network Security Analyst and Intrusion Forensics Investigator - CEH, CHFI
> Certified EC-Council Instructor - CEI
>
> Security is a lot like democracy - everyone's for it but few understand that you have to work at it constantly.

-- Saqib Ali, CISSP, ISSAP
http://www.full-disk-encryption.net

Re: (Short) Intro and question
On 1/6/07, Allen [EMAIL PROTECTED] wrote:

> One of the questions that I have been raising is trust and how to ensure that it is not misplaced or eroded over time. Which leads me to my question for the list: I can see easily how to do split key for 2 out of x for key recovery, but I can't seem to find a reference to the 3 out of x problem.
>
> In case I have not been clear enough, it is commonly known that it is harder to get collusion when three people need to act together than when there are just two. For most encryption 2 out of x is just fine, but some things need a higher level of security than 2 out of x can provide.

http://freshmeat.net/projects/sharesecret/
http://freshmeat.net/projects/shsecret/
http://freshmeat.net/projects//

I can't speak much about them other than when I last tested them, they were able to split and reassemble a few test cases.

CK

-- GDB has a 'break' feature; why doesn't it have 'fix' too?

(Short) Intro and question
Hi everyone,

I'm Allen Schaaf and I'm primarily an information security analyst - I try to look at things like a total stranger and ask all the dumb questions hoping to stumble on one or two that hadn't been asked before that will reveal a potential risk. I'm currently consulting at a very large HMO and finding that there are lots of questions that have not been asked so I'm having fun.

One of the questions that I have been raising is trust and how to ensure that it is not misplaced or eroded over time. Which leads me to my question for the list: I can see easily how to do split key for 2 out of x for key recovery, but I can't seem to find a reference to the 3 out of x problem.

In case I have not been clear enough, it is commonly known that it is harder to get collusion when three people need to act together than when there are just two. For most encryption 2 out of x is just fine, but some things need a higher level of security than 2 out of x can provide.

Thanks for any tips, ideas, solutions, or pointers.

Allen Schaaf
Information Security Analyst
Certified Network Security Analyst and Intrusion Forensics Investigator - CEH, CHFI
Certified EC-Council Instructor - CEI

Security is a lot like democracy - everyone's for it but few understand that you have to work at it constantly.