from Hacker News

Shamir Secret Sharing

by yankcrime on 8/11/23, 10:38 AM with 42 comments

  • by BtM909 on 8/11/23, 11:17 AM

  • by _xivi on 8/11/23, 1:23 PM

    Out of curiosity, How is this post not a [dupe] and managed to reach the front page even though it had its fair share not even 10 days ago

  • by NovemberWhiskey on 8/11/23, 11:28 AM

    >original news of our move to the US was delivered to them via a posted letter, snail mail, not FidoNet email!

    netmail, not email :-)

    As the knower of the code, for the safe, in the escorted-only data center, that contains one of our Vault key shares, this story resonates.

  • by nailer on 8/11/23, 12:48 PM

    > Solaris had a “special feature”: any passphrase entered that was longer than 8 characters long was automatically reduced to that length anyway.

    Solaris is known for having stupid defaults. I once had a box refuse to boot because the whitespace in a config file used tabs rather than spaces.

  • by AstralStorm on 8/11/23, 11:51 AM

    Oh boy, one of them classic stories of "we accidentally pushed a development setup into production".

    What's worse, partially.

  • by numair on 8/11/23, 12:05 PM

    Oh! We are finally going to talk about how PayPal was utterly owned by Russian cyber gangs that made a mockery of the idea that these guys were fraud detection geniuses?

    checks article

    Oh, wait, nevermind. More “folklore.”

  • by londons_explore on 8/11/23, 11:28 AM

    Printed out the master key and stored it in a safe...

    Wonder if that printer kept a copy...?

  • by threesevenths on 8/11/23, 11:15 AM

    This story has been posted numerous times in the last fortnight. It’s a great story but certainly undeserving of a reread

  • by seniorThrowaway on 8/11/23, 1:51 PM

    this brings up old memories of being bitten sometime by this Solaris "feature" although it's been too many years to remember the exact details. It was one of those things that made me realize Linux was actually a much more usable system from a day to day admin point of view, along with package managers.

    Edit: another one was Solaris defaulting to the obsolete unix crypt function based on the Enigma machine

  • by nickdothutton on 8/11/23, 2:44 PM

    As soon as getpass was mentioned, I knew. It’s worth reminding people that in these matters, print on paper is a weapon, know when to use it.

  • by croes on 8/11/23, 12:17 PM

    Always test with real values even passwords

  • by tonicanada on 8/11/23, 3:43 PM

    I found this topic so interesting that I wrote an article about it! https://medium.com/gitconnected/sharing-a-secret-with-polyno...

  • by EGreg on 8/11/23, 3:35 PM

    While it’s exciting to read this kind of stuff, and I am glad to see a fellow Soviet emigre come and found a company in the Valley, I have to comment on just how much control is centralized in the hands of a few people, that millions of people come to trust with their data and their money!

    This is essential commentary to Shamir Secret Sharing, because it requires a trusted dealer, unlike BLS and other bilinear technqiues.

    Look at this:

    Whatever key that was, it wasn’t the one I generated the day before: only one copy existed, the one I copied to cryptoserv from my computer the night before. Zero copies existed now. Not only that, the push script appears to have also wiped out the backup of the old key, so the database backups we have encrypted with the old key are likely useless.

    So with SSS just have to take his word for it, that he didn’t have a copy of the key back on his computer. Zero copies existed? It’s not like he made another copy of it? Surely he is a reliable narrator and we can trust that at least, right? Actually, NOPE:

    A few hours later, John, our General Counsel, stopped by my cubicle to ask me something. The day before I apparently gave him a sealed envelope and asked him to store it in his safe for 24 hours without explaining myself. He wanted to know what to do with it now that 24 hours have passed. Ha. I forgot all about it, but in a bout of “what if it doesn’t work” paranoia, I printed out the base64-encoded master key when we had generated it the night before, stuffed it into an envelope, and gave it to John for safekeeping. We shredded it together without opening and laughed about what would have never actually been a company-ending event.

    So the lawyer could have conceivably hired someone to break into the database, steal credit card numbers and salami-slice some value for years, or launch one big attack on the entire database:

    https://en.wikipedia.org/wiki/Salami_slicing_tactics

    Having ONE SET OF KEYS or passwords to access THE ENTIRE DATABASE is the epitome of the whole Digital Feudalism that we have today! But that’s what we have in Web2. Sam Bankman Fried is just one example. This is where Web3 is so different. Everyone has their own keys, and they can only do what the are allowed to by the smart contract code. You reduce the attack surface massively. You reduce the need for celebirties like Max Levchin, and his stories, as much as I like them.

    Some people on HN might dislike Web3 and smart contracts, and I do agree that blockchains arent a very efficient technology for implementing them, but the idea of being able to trust the code is crucial for our society. Otherwise, the closest we can get to it is this:

    https://signal.org/blog/private-contact-discovery/

    In an age where Google wants to implement attestations of CLIENTS in Chrome, we as a society should be demanding the other way: proving that the CODE AND DATA cannot be tampered with. SGX extensions are far worse than smart contracts to secure large amounts of value, whether it’s currency balances, votes, or other data.

    Anyway, for the crypto side I will just say that BLS signatures are far superior to SSS. I mean cryprography when I say crypto. It has NOTHING to do with blockchain, but rather with generation of private keys and verifying transactions that were posted to some decentralized network. Use BLS. SSS is outdated.

  • by testemailfordg2 on 8/11/23, 1:18 PM

    Was just reading about this SSS technique yesterday and now its on HN

  • by s1mplicissimus on 8/11/23, 11:58 AM

    umm so he had the master key printed out as backup anyway so there was never really any danger if i read correctly. clickbait?

    > Ha. I forgot all about it, but in a bout of “what if it doesn’t work” paranoia, I printed out the base64-encoded master key when we had generated it the night before, stuffed it into an envelope, and gave it to John for safekeeping.