Peter Gutmann wrote:
"Charles Jackson" <[EMAIL PROTECTED]> writes:
Is anyone aware of a commercial product that implements secret sharing? If
so, can I get a pointer to some product literature?
I believe at least some versions of PGP might have supported secret
sharing for key backup.
Secret sharing is also fundamentally less interesting than full-bore
threshold cryptography (using the fragments of a key without reassembling
them first). We built a threshold crypto-based certification authority at
CertCo a number of years ago, which was used for some very high
security root CAs. However, given the difficulty people have in managing
keys in general, building effective systems that allow them to manage
key fragments is beyond the range of most current commercial products.
It is something we use regularly in research systems, but only with a very
careful eye to both our motivation (there has to be, as Peter points out,
some good user reason for it), and ultimate system usability.
--Diana
It's available as part of other products (e.g. nCipher do it for keying their
HSMs), but I don't know of any product that just does... secret sharing. What
would be the user interface for such an application? What would be the target
audience? (I mean a real target audience, not some hypothesised scenario).
(This is actually a serious question. I talked with some crypto guys a few
years ago about doing a standard for secret sharing, but to do that we had to
come up with some general usage model for it rather than just one particular
application-specific solution, and couldn't).
Besides that, user demand for it was practically nonexistent... no, it was
completely nonexistent, apart from a few highly specialised custom uses we
couldn't even find someone to use as a guinea pig for testing, and the
existing specialised users already had specialised solutions of their own
for handling it.
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
