Cryptography Reference
In-Depth Information
Secret Sharing in Practice
Ferguson and Schneier write in [FergSchnPract, 22.9] that secret sharing is
hardly used because both its implementation and use are too complex. I don't
share this opinion. While the protocol is surely an overkill for everyday pur-
poses, it does solve an important problem for critical secrets that is often
overlooked: it can handle the fluctuation of employees. When employees leave
their company, they can take along passwords, and they might have procured
encrypted data from outside the company. In this case, changing the passwords
in arrears is of little help! Secret splitting would help in such a case, though
with the drawbacks we already know: no subkey must ever be lost, and if a
key has to be changed (due to termination of employment), then all other keys
have to be changed, too.
Secret sharing could be used to implement the following concept.
•
Critical data are encrypted with a session key generated automatically,
and this key, in turn, is encrypted with a universal key, which is created,
for example, by three out of five employees on a computer via secret
sharing, but only in the memory of one computer.
•
If one of these five employees leaves the company, then the session key
is decrypted on that computer (which is doable because there are still four
bearers of the secret), a new universal key is generated and re-encrypted
together with the session key (and added to the encrypted files).
•
The new universal key is split into five subkeys via secret sharing, and
these subkeys are distributed among the four previous employees and one
new bearer of the secret. From this moment onwards, the subkey owned
by the former employee becomes worthless.
More measures are required in practice, though. I implemented the following
additional measures in a contracted project.
•
Subkeys are divided into number groups and printed, and checksums
are added. The resulting number sequences were relatively long, and
only memory artists can memorize such numbers (I didn't test for this
capability, though).
•
The printouts were packed in sealed envelopes in the presence of wit-
nesses and handed out to different persons who kept them in different
places (safes).
