zlacker

[parent] [thread] 3 comments
1. duxup+(OP)[view] [source] 2022-02-08 17:50:17
I don't understand the math but I think I have seen that style of secret management where any 3 of say 10 secrets can access something but no 2 or any 1 secret can do it.

It would seem to solve a lot of just organizational problems where "jan is out of the office today" and nobody can do the thing ... but if access is spread out among 10 people ... 3 probably are in the office when needed.

Granted I've never seen it used in production personally, not / seen it on a granular level.

replies(2): >>shagie+a1 >>london+77
2. shagie+a1[view] [source] 2022-02-08 17:54:09
>>duxup+(OP)
Hashicorp Vault uses it.

https://learn.hashicorp.com/tutorials/vault/rekeying-and-rot...

> In order to prevent one person from having complete access to the system, Vault employs Shamir's Secret Sharing Algorithm. Under this process, a secret is divided into a subset of parts such that a subset of those parts are needed to reconstruct the original secret. Vault makes heavy use of this algorithm as part of the unsealing process.

3. london+77[view] [source] 2022-02-08 18:17:37
>>duxup+(OP)
I have used it. It works. Tooling is still pretty poor. Every use, we ended up bringing the necessary people into a room, booting up an offline laptop from a sha-summed live USB, QR code scanning each of our secrets, combining them, then using the key to sign whatever we needed to sign, photographing the signature as a QR code. We use software from 2008 because an OS stack contains code from tens of thousands of developers, and we felt old software was less likely to have an active 'steal these keys and exfiltrate them via open wifi' malware.

We would first go through the process with 'dummy' keys to check everyone was happy with the process and what we were going to do (ie. which commands, what software, what exactly will be signed). We would then do it again with the real thing. And then we'd power off the computer till next time it needed to be used.

"Clunky" would be a good way to describe it... But it's hard to make it better without relying on a bunch of software we don't have the resources to audit.

replies(1): >>duxup+od
◧◩
4. duxup+od[view] [source] [discussion] 2022-02-08 18:43:25
>>london+77
Yeah it seems very much like an elegant solution whose usage would be a bit of its own kind of beast to deal with.
[go to top]