On 23/08/2016 10:43, Richard Newman wrote:
> Under the hood there would be a bunch of shamir's secret sharing and key
> wrapping palaver to actually make things go.
>
> You mean like wrapping the user's kB with their own kA (prove ownership
> of your account) plus your friend's kB (prove non-resetness of their
> account)? Yeah, that's a dance, but it could work :)
Right, something like that. Alternately, wrap kB with an escrow
recovery key kR, shamir split the secret kR, and encrypt the different
parts of it in different ways - one part with the user's kA, one part o
with the buddy's kB, one part with answers to security questions, etc.
But at that point I may be wandering into "fun crypto games" territory
rather than "solve a user problem" territory, which does happen to me
sometimes :-P
Cheers,
Ryan
_______________________________________________
Sync-dev mailing list
[email protected]
https://mail.mozilla.org/listinfo/sync-dev
