Author

Topic: SSSS + Share / Key Retrieval (Read 2240 times)

newbie
Activity: 66
Merit: 0
May 08, 2014, 04:35:26 AM
#3
Could each share be printed to a piece of paper without Armory?
legendary
Activity: 1232
Merit: 1094
May 08, 2014, 04:18:21 AM
#2
I would imagine many people use SSSS (http://point-at-infinity.org/ssss/), especially those with sites that have a live wallet, correct?  Basically, your private key / wallet password is split up into multiple shares, and spread around to multiple servers.

Armory allows you to split up your root key.  Each share is printed to a piece of paper.

Quote
I'm curious, is there a common method / practice to securely retrieve the shares from their source?

This seems like a pretty big weakness.  You have to combine all the shares together to actually spend anything.

Multi-sig has better protection in that regard.  You can share the transaction, but you don't need to combine all the shares in one place.

Quote
My only concern is, if the wallet server can get access to all T shares needed, then so can hackers.

For maximum security, you should have an offline computer.  The shares are spread out for backup purposes.  You only use them if you lose your password to the offline computer.
sr. member
Activity: 318
Merit: 251
May 08, 2014, 04:08:55 AM
#1
I would imagine many people use SSSS (http://point-at-infinity.org/ssss/), especially those with sites that have a live wallet, correct?  Basically, your private key / wallet password is split up into multiple shares, and spread around to multiple servers.

I'm curious, is there a common method / practice to securely retrieve the shares from their source?  Obviously, don't store the location of each share on one server, and spread the location amongst the servers as well.  Maybe encrypt the shares with multiple iterations of PGP or AES256.  Maybe don't even store the share in encrypted format, and instead use a mathematical algorithm to generate it?  Then obviously, lock it down by IP address, etc.

Anyway, say you have a live wallet server, and it needs to unlock to complete a send, hence it needs T shares.  My only concern is, if the wallet server can get access to all T shares needed, then so can hackers.  What's the best way for the live wallet server to retrieve those shares from the remote servers?  Is there any standard procedure used, or not really, and I'm on my own to figure it out?

Thanks in advance!


Jump to: