'Person' as in Section 13

[Ian G Batten]

This is a multi-part message in MIME format...

------------=_933971399-15404-0
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Content-Md5: mMebVzHWAqJmEgPfSSII2w==

In article <783D93998201D311B0CF00805FEAA07BF54E2C@RED-MSG-42>,
Paul Leyland  <ukcrypto@maillist.ox.ac.uk> wrote:
> If the keys were so important to a company, would it not be wise to have
> them split between multiple parties specifically to prevent any single
> employee releasing them without authorization?  Several "n from m" schemes
> are available, such that any n persons can recover a key but any n-1 cann=
ot.

I'm always amazed that these mechanisms aren't better known and more
widely used.  I've got it ready to roll for splitting the root password
to the big systems here so that engineers in when there's no support
around can Do Stuff, without being able to act other than in concert.

Build an ``any three from five'' encoding:

captain-flack:/u/igb/src/share 21:17:41 (525)
$ echo hello world | ./solve.pl -e 3 7
1 cEEa9IBe23Iq-zCFVhyWq6YpgTG1iuF8OTo0BZqapQ7/37
2 eGQPKqveJBiQlGgr9nJIpBNLDWmNbx8Chytc9k3osvY/8N
3 ggL50jT-fQZlKt9wQsGv7IGdfidvR+U8c0RmGc0a7iV/44
4 hqpXToL0DMH1j1bT2wplvpBN81fbii3CBcxreBgykdY/7T
5 h9OrpE8KRouM8dtxHyWcCIAue3rPv2v9qbxqQtUt-g7/8O
6 ioVyA6YpUIlG6+YtRAc7rBChDoPovhkEHXRlrSR0Ask/62
7 idLhpIg1NIgJgNEIuAh1Z6Hcf7lWf7vaqtta6L+5BLF/4R

Now decrypt:

captain-flack:/u/igb/src/share 21:19:05 (527)
$ ./solve.pl -d << \XXX
(528) --> 2 eGQPKqveJBiQlGgr9nJIpBNLDWmNbx8Chytc9k3osvY/8N
(528) --> 4 hqpXToL0DMH1j1bT2wplvpBN81fbii3CBcxreBgykdY/7T
(528) --> 6 ioVyA6YpUIlG6+YtRAc7rBChDoPovhkEHXRlrSR0Ask/62
(528) --> XXX
-
hello world

but

captain-flack:/u/igb/src/share 21:19:28 (528)
$ ./solve.pl -d << \XXX
(529) --> 2 eGQPKqveJBiQlGgr9nJIpBNLDWmNbx8Chytc9k3osvY/8N
(529) --> 6 ioVyA6YpUIlG6+YtRAc7rBChDoPovhkEHXRlrSR0Ask/62
(529) --> XXX
/
S!c{^9lx0":=3D7QpIW@UW"s>egg3Kf

[[ My code also allows the generation of a password with each share,
the MD5 of which is added to the subkey: this allows people to store
their share on line and their password off-line. ]]

My code's horrible, but if anyone's interested, they're welcome to it.=20=
=20

ian

------------=_933971399-15404-0
Content-Type: application/pgp-signature
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Content-Description: PGP Information

-----BEGIN PGP MESSAGE-----
Version: PGPfreeware 5.0i for non-commercial use
MessageID: SN5zJ1JgKtg/QAvMK8rousGYV2+qn15D

iQB1AwUBN6tFx8oy0yij3IvtAQFeLgMArxCmQcHOM7oYAijcPNNjE1IlOC8io03o
HenIfv2PZQdjdtWQOe0u/AyOKbaKj1v5zvZ2eM9NWM20aMyBd7F78mYwUHRHY8gY
l641S50lXQAjK6LhR/xet5d17/UEvfGj
=PRrO
-----END PGP MESSAGE-----
------------=_933971399-15404-0--