Bitcoin Forum
December 15, 2024, 12:15:27 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: SSSS + Share / Key Retrieval  (Read 2240 times)
Envrin (OP)
Sr. Member
****
Offline Offline

Activity: 318
Merit: 251



View Profile
May 08, 2014, 09:08:55 AM
 #1

I would imagine many people use SSSS (http://point-at-infinity.org/ssss/), especially those with sites that have a live wallet, correct?  Basically, your private key / wallet password is split up into multiple shares, and spread around to multiple servers.

I'm curious, is there a common method / practice to securely retrieve the shares from their source?  Obviously, don't store the location of each share on one server, and spread the location amongst the servers as well.  Maybe encrypt the shares with multiple iterations of PGP or AES256.  Maybe don't even store the share in encrypted format, and instead use a mathematical algorithm to generate it?  Then obviously, lock it down by IP address, etc.

Anyway, say you have a live wallet server, and it needs to unlock to complete a send, hence it needs T shares.  My only concern is, if the wallet server can get access to all T shares needed, then so can hackers.  What's the best way for the live wallet server to retrieve those shares from the remote servers?  Is there any standard procedure used, or not really, and I'm on my own to figure it out?

Thanks in advance!


TierNolan
Legendary
*
Offline Offline

Activity: 1232
Merit: 1104


View Profile
May 08, 2014, 09:18:21 AM
 #2

I would imagine many people use SSSS (http://point-at-infinity.org/ssss/), especially those with sites that have a live wallet, correct?  Basically, your private key / wallet password is split up into multiple shares, and spread around to multiple servers.

Armory allows you to split up your root key.  Each share is printed to a piece of paper.

Quote
I'm curious, is there a common method / practice to securely retrieve the shares from their source?

This seems like a pretty big weakness.  You have to combine all the shares together to actually spend anything.

Multi-sig has better protection in that regard.  You can share the transaction, but you don't need to combine all the shares in one place.

Quote
My only concern is, if the wallet server can get access to all T shares needed, then so can hackers.

For maximum security, you should have an offline computer.  The shares are spread out for backup purposes.  You only use them if you lose your password to the offline computer.

1LxbG5cKXzTwZg9mjL3gaRE835uNQEteWF
SherdonIke
Newbie
*
Offline Offline

Activity: 66
Merit: 0


View Profile
May 08, 2014, 09:35:26 AM
 #3

Could each share be printed to a piece of paper without Armory?
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!