On Wed, 18 Nov 2009 at 15:09:07 +0000, Daniel Silverstone wrote:
> If you lose a number of shares equal-to-or-greater-than the number
> required to reconstruct the share, it might arguably provide you with a
> short period of time in which to revoke those keys. I'd be quite happy
> to receive a patch which offered an option of sequential vs. randomised
> share numbers.

I think a more compelling rationale for non-sequential share numbers is that it makes it more difficult for an attacker to determine how many shares there were, and what the threshold is.

The distinction isn't arbitrarily between share numbers, it's between 0 and every other share number; in theory, the zero'th share should be equal to the secret itself. It seems that the splitting function doesn't output the secret as foo.000, though... perhaps foo.000 ends up containing uninitialized memory? The code does have some confusion between 0 meaning share number 0, and 0 meaning "a share that was not supplied".

S
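
The point raised in the message, that share number 0 is the secret itself, shown for one byte of Shamir-style sharing over GF(2^8), with a splitter that refuses share number 0. This is an added example, not code from the original message or from the tool under discussion; the field polynomial 0x11b, the caller-supplied coefficients and all function names are assumptions.

```c
#include <stddef.h>
#include <stdint.h>

/* GF(2^8) multiply mod 0x11b (field polynomial assumed for this example). */
static uint8_t gf_mul(uint8_t a, uint8_t b) {
    uint8_t r = 0;
    for (; b; b >>= 1) {
        if (b & 1) r ^= a;
        a = (uint8_t)((a << 1) ^ ((a & 0x80) ? 0x1b : 0));
    }
    return r;
}

/* Inverse as a^254; a must be nonzero. */
static uint8_t gf_inv(uint8_t a) {
    uint8_t r = 1;
    for (int i = 0; i < 254; i++) r = gf_mul(r, a);
    return r;
}

/* f(x) = secret + coef[0]*x + ... + coef[nc-1]*x^nc, so f(0) == secret. */
uint8_t share_byte(uint8_t secret, const uint8_t *coef, size_t nc, uint8_t x) {
    uint8_t y = 0;
    for (size_t i = nc; i > 0; i--) y = gf_mul(y, x) ^ coef[i - 1];
    return gf_mul(y, x) ^ secret;
}

/* One share byte per share number; -1 if a number is 0 (out then unusable). */
int split_byte(uint8_t secret, const uint8_t *coef, size_t nc,
               const uint8_t *nr, size_t n, uint8_t *out) {
    for (size_t i = 0; i < n; i++) {
        if (nr[i] == 0) return -1; /* share 0 would be the secret itself */
        out[i] = share_byte(secret, coef, nc, nr[i]);
    }
    return 0;
}

/* Lagrange interpolation at x = 0 over k distinct nonzero share numbers. */
uint8_t recombine_byte(const uint8_t *x, const uint8_t *y, size_t k) {
    uint8_t s = 0;
    for (size_t i = 0; i < k; i++) {
        uint8_t l = y[i];
        for (size_t j = 0; j < k; j++)
            if (j != i) l = gf_mul(l, gf_mul(x[j], gf_inv(x[j] ^ x[i])));
        s ^= l;
    }
    return s;
}
```

In real use the coefficients come from a cryptographic random source and are discarded after splitting; they are passed in here only so the result is reproducible.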