On Wed, 18 Nov 2009 at 15:09:07 +0000, Daniel Silverstone wrote:
> If you lose a number of shares equal-to-or-greater-than the number
> required to reconstruct the share, it might arguably provide you with a
> short period of time in which to revoke those keys.  I'd be quite happy
> to receive a patch which offered an option of sequential vs. randomised
> share numbers.

I think a more compelling rationale for non-sequential share numbers is that
it makes it more difficult for an attacker to determine how many shares there
were, and what the threshold is.

The distinction isn't arbitrarily between share numbers, it's between 0 and
every other share number; in theory, the zeroth share should be equal to the
secret itself. It seems that the splitting function doesn't output the secret
as foo.000, though... perhaps foo.000 ends up containing uninitialized memory?
The code does have some confusion between 0 meaning share number 0, and 0
meaning "a share that was not supplied".

    S
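
The point above about share number 0, as an added example that is not part of the original message and is not the splitting tool's own code: in Shamir sharing over GF(2^8), share number x holds f(x) and the secret is f(0), so 0 must never be issued as a share number and should not double as a "not supplied" marker. The function names, the reduction polynomial 0x11b and the demo values are assumptions constructed for this sketch.

```c
#include <stddef.h>
#include <stdint.h>
/* GF(2^8) multiply; reduction polynomial 0x11b is an assumption of this example. */
static uint8_t gf_mul(uint8_t a, uint8_t b) {
    uint8_t r = 0;
    for (; b; b >>= 1, a = (uint8_t)((a << 1) ^ ((a & 0x80) ? 0x1b : 0)))
        if (b & 1) r ^= a;
    return r;
}
static uint8_t gf_inv(uint8_t a) { /* a^254 == 1/a for a != 0 */
    uint8_t r = 1;
    for (int i = 0; i < 254; i++) r = gf_mul(r, a);
    return r;
}
/* Share value for share number x: f(x) = coef[0] + coef[1]x + ..., coef[0] = secret. */
uint8_t share_byte(const uint8_t *coef, size_t threshold, uint8_t x) {
    uint8_t y = 0;
    for (size_t i = threshold; i-- > 0;) y = (uint8_t)(gf_mul(y, x) ^ coef[i]);
    return y;
}
/* Usable share numbers are nonzero and distinct; 0 would hand out f(0), the secret. */
int share_numbers_ok(const uint8_t *xs, size_t n) {
    for (size_t i = 0; i < n; i++) {
        if (xs[i] == 0) return 0;
        for (size_t j = 0; j < i; j++) if (xs[j] == xs[i]) return 0;
    }
    return 1;
}
/* Lagrange interpolation at x = 0 from n (share number, value) pairs. */
uint8_t recombine_byte(const uint8_t *xs, const uint8_t *ys, size_t n) {
    uint8_t secret = 0;
    for (size_t i = 0; i < n; i++) {
        uint8_t num = 1, den = 1;
        for (size_t j = 0; j < n; j++) {
            if (j == i) continue;
            num = gf_mul(num, xs[j]);                    /* 0 - x_j == x_j in GF(2^8) */
            den = gf_mul(den, (uint8_t)(xs[i] ^ xs[j])); /* x_i - x_j */
        }
        secret ^= gf_mul(ys[i], gf_mul(num, gf_inv(den)));
    }
    return secret;
}
/* Constructed demo values: secret 0x53, threshold 3, non-sequential share numbers. */
static const uint8_t DEMO_COEF[3] = {0x53, 0xca, 0x07};
static const uint8_t DEMO_XS[3] = {17, 42, 200};
uint8_t demo_roundtrip(void) {
    uint8_t ys[3];
    for (size_t i = 0; i < 3; i++) ys[i] = share_byte(DEMO_COEF, 3, DEMO_XS[i]);
    return recombine_byte(DEMO_XS, ys, 3);
}
```

Evaluating `share_byte` at x = 0 returns the secret byte unchanged, which is why `share_numbers_ok` rejects 0 before any share is written or accepted.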
