I was once locked out of some pretty important accounts while traveling overseas. Ever since then, I've been thinking about the importance of being able to "shard" both secrets and authority.
If I were to be imprisoned, for example, I might want my lawyer and family to be able to access all of my emails from two years ago up to one week ago. If I were to suddenly die, I would want my family to have full access to all of my accounts, with little hassle.
I would like to be able to tell my email provider (through my account settings) that if at least two people out of each of these three groups agree that such-and-such condition has been met, then these people will be granted this sort of access. The process would notify the other members of the groups I defined and have a delay to allow some kind of veto/vote if there is any disagreement. It may be a bit fiddly, but if a standard were defined for how the interaction works from a user's perspective (including steps to make sure you understand the consequences of how you've configured it), at least it could work consistently across all kinds of accounts.
here you can see how I'm using Shamir Secret Sharing, I gave clear instructions on how to use the shares and in what circumstances.
based on their dynamics, I'm feeling pretty good. I know I have some people there that are tech savvy + some that will take good care of their shares and when they should send those to whom.
I was wondering, how much do you trust these tools? Cryptography can be extremely tricky to implement. For example, has the tool been checked for side-channel attacks? Has it had any other audits? (On the GitHub page of the library, it says it's no longer maintained)
I trust it enough no solve my DR scenario. If I was targeted by the NSA, I don't expect this to keep me safe.
I don't think SecretSharingDotNet has had any audits, and I'm pretty sure i hasn't been checked for side-channel attacks. I couldn't find anything in GitHub [1] saying it's no longer maintained though.
I'm pretty sure a well founded attacker would be able to hack me, but I think it's orders of magnitude more likely that I'll forget my master password, I'll get stolen, my apartment will catch on fire or I'll just die. Those are the scenarios I'm preparing for.
If I were to be imprisoned, for example, I might want my lawyer and family to be able to access all of my emails from two years ago up to one week ago. If I were to suddenly die, I would want my family to have full access to all of my accounts, with little hassle.
I would like to be able to tell my email provider (through my account settings) that if at least two people out of each of these three groups agree that such-and-such condition has been met, then these people will be granted this sort of access. The process would notify the other members of the groups I defined and have a delay to allow some kind of veto/vote if there is any disagreement. It may be a bit fiddly, but if a standard were defined for how the interaction works from a user's perspective (including steps to make sure you understand the consequences of how you've configured it), at least it could work consistently across all kinds of accounts.