On Mon, Oct 19, 1998 at 09:51:43AM +0100, Paul Crowley wrote: > George Bonser <[EMAIL PROTECTED]> writes: > > My problem with encrypted filesystems is that if you loose the key, you > > might as well mkfs the drive. > > There are ways around this. You could, for example, break the key > into five pieces using a secret sharing scheme and put them in five > different secure places, arranging that three of the pieces are needed > to reconstruct the key.
I read some really cool articles on a system like this called coded replication earlier in the year. You use a communications code which has redundancy built in to encrypt the data; eg each byte could be split among 5 machines, with 3 being needed for an access. So as long as any 3 are available, you have 100% availability. If one machine goes down it can rebuild. If one machine is stolen, they don't have enough parts to get the data out. If the network is split, the people with less than half the keys can't write anything, so there are no integrity problems. Hamish -- Hamish Moffatt VK3TYD [EMAIL PROTECTED], [EMAIL PROTECTED] Latest Debian packages at ftp://ftp.rising.com.au/pub/hamish. PGP#EFA6B9D5 CCs of replies from mailing lists are welcome. http://hamish.home.ml.org