[messaging] Password reset mechanisms with an SRP authentication framework

Trevor Perrin trevp at trevp.net
Tue Apr 22 12:41:30 PDT 2014


On Tue, Apr 22, 2014 at 12:11 PM, Michael Rogers
<michael at briarproject.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> On 22/04/14 19:47, Trevor Perrin wrote:
>>> * The friends don't have enough shares to reconstruct the key
>>> even if they collude
>>
>> They do, if n-2 >= k.
>
> Doh, sorry, I tried to generalise this from k=4, n=5 and failed. :0)
> The user should keep n-k+1 shares on her device.

Still doesn't seem right.  I think you're trying to accomplish:
 (a) The user has a key which is required for recovery
 (b) A quorum of friends is also required for recovery

I think this is better implemented by setting the final key to an XOR
of the keys recovered from (a) and (b).


Trevor

