[HacktionLab] Electronic sealed envelope system?
Brent
thebrentc at gmail.com
Sun Nov 4 15:58:59 UTC 2012
Hi
Thanks all! Yes, I'd thought about secret sharing, nice little tutorial
Alan.
A related idea is the 'deadswitch', where if someone doesn't check in to a
system regularly it emails a preset message out.
Guess I'll try a combo of getting trusted persons to remember it and maybe
secret sharing over more secure email providers only. It's opportunity to
do some security awareness with the folks i suppose.
Cheers
B
On 3 November 2012 15:04, penguin <penguin at riseup.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Hi Brent
>
> I don't know of a technical solution. The only thing I can think of is
> to break the passphrase into a number of smaller components and each
> person only has one component. That way, at least several people
> (except you, who will know the full thing) are needed to recreate the
> full passphrase.
>
> Not sure if I've explained this, so here's an example ...
>
> You know the full thing: mypassphrase
> Persons A & B know this: 1:mypa
> Persons C & D know this: 2:ssph
> Persons E & F know this: 3:rase
>
> So (other than you) any person will need to contact 2 others to get
> the full password. Obviously it's not 100% secure, and a major
> potential downside is that all people that have a component of the
> phrase need to know who the others are - so your 'enemy' may be able
> to see your network of people. This is either of no consequence, or
> massive, depending on your circumstances.
>
> There's also more that one way to break a password:
> https://xkcd.com/538/ ;-P
>
>
> On 03/11/12 14:00, Brent wrote:
> > Hi everyone
> >
> > Quick question, in case anyone has ideas..
> >
> > I need to selectively share a master password with a group. They
> > won't need it usually, but more than just me should know it or at
> > least have access to it.
> >
> > Assuming people won't manage to remember it, and won't get heads
> > around encrypted files or emails. Don't want to email in plain
> > text.
> >
> > So, is there a kind of electronic 'sealed envelope' system, where
> > if the envelope (with password) is opened, others get a
> > notification of the seal being broken and can then check if this is
> > ok...
> >
> > Hope that makes sense
> >
> >
> > Luv Brent, list lurker
> >
> >
> >
> >
> > _______________________________________________ HacktionLab mailing
> > list HacktionLab at lists.aktivix.org
> > https://lists.aktivix.org/mailman/listinfo/hacktionlab
> >
>
> - --
> penguin
>
> GPG key: http://tiny.cc/gpg-key
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
>
> iQIcBAEBCAAGBQJQlTKPAAoJEJZb6mLZ7ehDmjAP/2M6gqY1T64zGYPx9XVE+AYk
> bloQaEtQ5QSsPk6hv0HE6idKIqlExI0kMi9CqsS9NzWc9Q5HlPOLK/dQAGNqRvEE
> vDX0F6jJdM57dkrj/ps02JkMoR6F7POU/uuRc+0i3f5IZdM4Kj6Zwjlx++bUau3T
> UCMaJAfIC2K9d27JvzoHc/xbexOYPwxFoA75LfFf2coH0OSAWoc1r/TIZpOtwyqi
> MVKT5qJP/5X9ajDjc7rLfsF7NH8ugJvhjo7Ofr6qXcbfOr3XQunWdLbm5mkSfY5S
> cw7UEt6yHZcbp1Jl7cJXfTQyZCOcvaHsyC3oUhJU+912OLkmolnr89Ys7+p8WDEv
> WqLv6/0rF7Ff4skhLBkKlbbRce3YkrDBvKyKcvpPocKpdsXDTJxbG2Tby/cAoBIo
> P0C0uLqcVBN4+pL+X51iICooPADjOGTFgCuIkF76JXL88ThhGhwDZUee9tT5AkT3
> ysBXRi6DtoV2F4YmajHcPjOYaaXpfdChmMtFtP7MFxnb4eizIXcG4ctwQTM+KZAy
> HGJHrzvGNLm0D0IPpqPnIsdorepXy9FFyVrIyj6irnw46rgaxU3CNHJjfrsC6Svs
> mz+3kyoFTlvUeunf1y57Eqxx9ThNaD6vAU/Tt8UaeUzm/kI4sGoOaYq/FM+dYCCl
> 6oizAOfSSTX/jGLAH7iE
> =+ULv
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> HacktionLab mailing list
> HacktionLab at lists.aktivix.org
> https://lists.aktivix.org/mailman/listinfo/hacktionlab
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.aktivix.org/pipermail/hacktionlab/attachments/20121104/027eea5c/attachment.html>
More information about the HacktionLab
mailing list