Tag Archives: shamir

A proposal to manage your high value keys (including crypto wallet seeds)

BIG DISCLAIMER: This is a post from a software engineer who is interested in the cryptocurrencies area but not an expert. I am not a cryptographer and the following advice may be inaccurate and even wrong in some important way. Having said that, it is written with the best of intentions and to the best of my knowledge. Comments, suggestions and corrections are welcome.
I expect to update this post with new learnings and results of the conversations with the community.

Cryptocurrencies and other security-oriented distributed systems (PGP key management, SSH keys, SQRL, the KeePassXC password manager, etc.) rely on some sort of secret that users must keep safe and out of the reach of others as the foundation of their security model. As our world increasingly moves towards digital, these keys are becoming more and more valuable, and we need to make sure we manage them responsibly.

Over the years, our industry has thrown that responsibility onto users, asking them to use complex secrets and also to change them frequently… This has been a huge industry mistake with obvious consequences; let me provide these two references as quick examples from a quick search: https://audit.wa.gov.au/reports-and-publications/reports/information-systems-audit-report-2018/audit-findings/ , https://digitalguardian.com/blog/uncovering-password-habits-are-users-password-security-habits-improving-infographic. This post does not come close to fixing this fundamental issue, but hopefully it provides a tool to help manage high-value secrets. E.g., one of these can be the unlocking key for your password manager 😉.

What are the fundamental problems to solve?

  • The human brain is bad at storing many precise pieces of information.
  • Provide a model that can be used to recover the secret in case of emergency (natural disaster, serious injury or even the death of the individual).
  • Individuals must be able to decide exactly who can access the secret and under which circumstances.
  • Being able to operate without relying on any third party. Third parties may break their interfaces over the years or even disappear. They can also limit access to the secret or even become malicious and untrustworthy.
  • If possible, it should be based on well-known mechanisms and algorithms, which guarantee that the secret can be recovered years later even if the specific tooling used to create it has been lost or no longer works.

A single-purpose ISO to generate Shamir’s scheme secrets

In this post, I want to present my tool to generate Shamir scheme secrets while reducing the risk of them being exposed or hacked. It consists of a single-purpose ISO that can be used to start a VM or to boot your PC once you burn it to a CD or a USB stick (the preferred option).

Why bother?

In our day-to-day environment, we tend to install a significant amount of software and use it for activities that may have compromised our installation without us even being aware of it. A malicious site may have been able to use a browser vulnerability to implant some malware, for example.

In our digital life, there are specific pieces of information that require very cautious handling. Access to them by malicious actors can result in big inconveniences or even financial losses. Some examples are passphrases you may use for encryption, crypto wallet seed phrases, etc.

This tool helps you run in a minimal, ephemeral environment, which is more trustworthy.
