On 12/15/2013 04:58 AM, Peter Lebbing wrote:
> On 14/12/13 21:14, Leo Gaspard wrote:
>> Maybe if you explained what the limitations of ssss are...?
>
> My guess is the fact that ssss only supports secrets up to 1024 bits; if you
> want to share a larger secret you need to do a hybrid approach where you
> symmetrically encrypt the data and then use secret sharing for the randomly
> chosen encryption key.
>
> If I understand Mindiell's message right, his implementation works for larger
> secrets.
>
> But I don't see why you wouldn't just use ssss and the hybrid approach.

I haven't looked at Mindiell's software, but one argument against what
you're suggesting is that it's only as secure as the encryption used in
step 1 of the hybrid approach. The ability to apply SSS to the entire
secret would be quite valuable, although your concern about entropy use
is something that should be addressed explicitly.
Doug
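
An added example, not part of the thread and not code from ssss or from Mindiell's software: one way to apply Shamir sharing to a whole secret of arbitrary length by giving each 64-byte chunk its own polynomial, with a helper that counts the random coefficients this consumes compared with sharing only a 32-byte key as in the hybrid approach. The field prime 2^521 - 1, the chunk size, the publicly known secret length and all function names are assumptions made for this illustration.

```python
# Added example (hypothetical names; not ssss or Mindiell's code): chunked Shamir sharing.
import secrets

P = 2**521 - 1   # Mersenne prime; field for the polynomial arithmetic (assumed choice)
CHUNK = 64       # bytes per chunk; a 512-bit value is always below P

def split_chunk(value, k, n):
    """Share one field element with threshold k among n holders."""
    # k-1 fresh uniformly random coefficients per chunk: this is the entropy cost.
    coeffs = [value] + [secrets.randbelow(P) for _ in range(k - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of the polynomial at x
            y = (y * x + c) % P
        shares.append((x, y))
    return shares

def recover_chunk(points):
    """Lagrange interpolation at x = 0 over GF(P)."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * -xj % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def split_bytes(data, k, n):
    """Share an arbitrary-length secret: one polynomial per 64-byte chunk."""
    chunks = [data[i:i + CHUNK] for i in range(0, len(data), CHUNK)]
    per_chunk = [split_chunk(int.from_bytes(c, "big"), k, n) for c in chunks]
    # Holder x receives the x-th share of every chunk.
    return [(x, [s[x - 1][1] for s in per_chunk]) for x in range(1, n + 1)]

def recover_bytes(holder_shares, length):
    """Rebuild the secret from k or more holders; length is assumed public."""
    out = b""
    for idx in range(len(holder_shares[0][1])):
        pts = [(x, ys[idx]) for x, ys in holder_shares]
        size = min(CHUNK, length - idx * CHUNK)
        out += recover_chunk(pts).to_bytes(size, "big")
    return out

def random_coefficients(length, k):
    """Number of random field elements consumed when sharing `length` bytes."""
    return (k - 1) * -(-length // CHUNK)
```

With a threshold of 3, sharing a 512-byte secret directly draws 16 random field elements, while sharing only a 32-byte symmetric key draws 2; each holder's share is also as long as the secret itself in the direct case.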