Cryptography Reference
In-Depth Information
•
A sealed computer without network access at a secure location was used
for activation. A script was used upon each startup to check that swapping
was disabled and only one user logged on to the system. A modified live
CD with a Linux system would be even more secure.
•
The persons handed their sealed envelopes to third parties, who sat at
this computer one after the other, opened their envelopes only there, and
typed the subkeys (an asterisk as an echo on the screen is helpful here).
A supervisor observed the entire procedure from some distance, where
he could not recognize the numbers printed.
•
Once each subkey had been entered, the printout was put back in the
envelope, freshly sealed and returned to its owner.
•
When a sufficiently large number of subkeys had been typed, the com-
putation of the universal key was initiated, followed by the decryption
of the data (where the data can be transferred on diskette or USB stick),
and the computer was then switched off. With this, the created key was
lost, because it was only in the memory.
The astonishing thing about this apparently cumbersome procedure was the
seriousness with which the employees dedicated themselves to the matter. It
seemed that the very typing of checksum-secured number sequences under
observation, and individually entering that computer room had something espe-
cially important about it. Even designers need to know that security has to do
with psychology.
So there are practical uses for secret sharing after all; it is not too complex. But
what about the implementation? The interface was not extremely hard to design,
only the algorithm itself didn't seem to be available in free software. Though
there are plenty of demo programs, they included only a little serious stuff. I'm
grateful to Sebastian Mozejko, a young cryptologist from Poland, who drew
my attention to one of these few products. However, it used IDEA — not really
an option for commercial applications.
For this reason, I sat down and developed an easy-to-use class in
Python
,
which can be used to create and use arbitrary
K
-of-
N
schemes (i.e.
K
keys
out of
N
are needed for decryption). By default, it serves for encrypting and
decrypting data held in memory, files, and data streams. The encryption itself
is handled by an external C program that uses Blowfish-128 or AES-128 (as
well as the OpenSSL library
libcrypto
). As usual, the shared secret serves only
as a master key (KEY, key encryption key), while the actual encryption uses
