Based on my initial research, I am afraid you are right... ;-)

Instead, would it be possible to use an Android device booted to a live OS (from a USB stick)?

Thank you for your perfect understanding of what I am implementing. Could you please elaborate on what you mean by "Provided this is set up securely"?

Hello,

I am planning to use the following XOR scheme to divide a secret into only 2 shares (I do not want to use Shamir Secret Sharing for different reasons that are beyond the scope of this post).

Here's an example of the XOR scheme I have in mind.

SECRET   =  0 1 0 1 0 0 1 0 0 0 0 1  (…)  0 0 1 1 0

SHARE 1 =  TRUNC128 (SHA512 (SECRET))

         =  0 0 0 0 1 1 1 0 0 0 1 1  (…)  1 1 0 0 1

SHARE 2 =  SECRET ^ SHARE1

         =  0 1 0 1 0 0 1 0 0 0 0 1  (…)  0 0 1 1 0

         ^  0 0 0 0 1 1 1 0 0 0 1 1  (…)  1 1 0 0 1

        =  0 1 0 1 1 1 0 0 0 0 1 0  1 1 1 1 1

SECRET   =  SHARE1 ^ SHARE 2

       =  0 0 0 0 1 1 1 0 0 0 1 1  (…)  1 1 0 0 1

        ^  0 1 0 1 1 1 0 0 0 0 1 0  (…)  1 1 1 1 1

       =  0 1 0 1 0 0 1 0 0 0 0 1  (…)  0 0 1 1 0

I have a few questions about that XOR scheme as I am building a case for using it.

1) How resistant would such a scheme be to common attack vectors (brute force...)?

2) Are there any ways to evaluate what it (or how much it) would take to break that scheme?

3) Is that scheme already used in "notably safe applications"? If that is the case, which ones?

Thanks. Now how can our customers know *for sure* that we always pay Amazon 2 years up-front?

Hello,

We are a startup about to launch a service whose purpose is to automatically send one email (with private BTC-related information) at a specific date in the future (within a 2-year timeframe). We are currently using an AWS instance to send that one email.

After initial market survey, our prospective customers mentioned they are afraid that that one email may never be sent if we go out of business.

We want to provide our customers with the insurance that that one email will be sent as planned even if we go out of business. Are there, for example, insurance policies we could subscribe to, or some (insurance) companies that would take over our Amazon instance for 2 years following our going out of business (if that happens)?

I am designing an app that allows (among other things...) users to divide a secret into 2 shards and was planning to use Shamir Secret Sharing (SSS) to do so.

However, I want to allow users of my app (who may not be coders...) to double-check--without having to audit my code--that my implementation of SSS is not flawed.

In other words, using another implementation of SSS available elsewhere (e.g. on the web, GitHub...), users of my app should ideally be able to obtain the same 2 shards as the ones provided by my app.

I understand that, considering the random data used in SSS to compute the shards, this request may not even make sense at all since it may simply be impossible by design (since SSS is not deterministic...)...

If that is indeed the case, which other reliable public (deterministic) solution/algorithm could my app use to:
a) separate a secret into 2 shards,
b) allow anyone to recompute these 2 shards outside of my app.

Thanks a lot for your kind support!