Re: ***HUGE*** security hole??!! (Re: Lost root passwd)
On Mon, Oct 19, 1998 at 09:51:43AM +0100, Paul Crowley wrote:
> George Bonser <grep@shorelink.com> writes:
> > My problem with encrypted filesystems is that if you loose the key, you
> > might as well mkfs the drive.
>
> There are ways around this. You could, for example, break the key
> into five pieces using a secret sharing scheme and put them in five
> different secure places, arranging that three of the pieces are needed
> to reconstruct the key.
I read some really cool articles on a system like this called coded
replication earlier in the year. You use a communications code which
has redundancy built in to encrypt the data; eg each byte could be split
among 5 machines, with 3 being needed for an access. So as long as any
3 are available, you have 100% availability. If one machine goes down
it can rebuild. If one machine is stolen, they don't have enough parts
to get the data out. If the network is split, the people with less than
half the keys can't write anything, so there are no integrity problems.
Hamish
--
Hamish Moffatt VK3TYD hamish@debian.org, hamish@rising.com.au
Latest Debian packages at ftp://ftp.rising.com.au/pub/hamish. PGP#EFA6B9D5
CCs of replies from mailing lists are welcome. http://hamish.home.ml.org
Reply to: