

In Russian folklore there are fairy tales about Koschei the Deathless, whose life is hidden at the tip of a needle: to kill him, the hero must find that needle, which is kept in an egg, the egg in a duck, the duck in a hare, the hare in a chest, and the chest hangs on a chain from a tree on some island.

That's why master passwords are usually hidden the same way: encrypted, broken into pieces, each piece stored on a protected USB stick that requires a fingerprint to open it, and the sticks themselves kept in vaults located in different data centres. The method is good enough, but it is too complicated and requires that both of those sticks be kept safe; obviously they might not survive a disaster, so if a USB stick (or the envelope with part of the password) is broken or destroyed, the password is lost.

Shamir's Secret Sharing Scheme

Shamir's Secret Sharing (SSS) is used to secure a secret in a distributed way, most often to secure other encryption keys. The secret is split into multiple parts, called shares, which individually should not give any information about the secret.

So, taking those risks into consideration, let's deal with them. Let's say our master password is 'Password (A)'. Password (A) must be encrypted with an algorithm no weaker than AES-256, which eliminates the risk of brute force and makes the password effectively unbreakable. To encrypt the password, the 'Password Key (PK)' comes into play; the same key is required for decryption. Using the Shamir scheme, it is possible to break the Password Key (PK) into 5 pieces which can be distributed among 5 different persons, using, for example, hardware security USB sticks (YubiKey Bio Series - FIDO Edition) or password safes. The Password Key (PK) used for encryption can be destroyed once the 'Shamir shared keys (SK)' have been stored.

The benefit of the Shamir scheme is that if the Password Key (PK) is broken into 5 pieces (SK) and only 3 of them are needed to rebuild it, the disclosure of 1 or 2 of those pieces is not critical and does not lead to disclosure of the Password Key (PK). Remembering that the Password Key (PK) is not the Password (A) itself, but only a key to decrypt the main Password (A), such a scenario is more secure and reliable. Additionally, the Shamir scheme allows a new set of 'shares' (SK) to be created without changing the secret, which makes it possible to issue a new set if one of the custodians is no longer trustworthy.

Creation of the passwords and issuing of keys

To avoid any single person knowing the full password, 2 persons create the Password (A) by each typing only half of it; the Password is then saved as fileA.

The procedure can be performed in Ubuntu OS running in Docker:

apt update && apt upgrade -y && apt-get install gpg ssss -y

Two persons create a Password and store it in a file (fileA) (on the host we have prepared fileA and the folders recover and split for the demo). Another person (Person C) creates the Password Key (PK) and stores it in a file (filePK). Person C does not open the file, so he doesn't know the PK:

base64 /dev/urandom | dd of=filePK bs=64 count=1

Since Person C has seen neither the Password nor the Password Key, he/she creates the 'Encrypted Password (AE)' using the Password (A) and Password Key (PK) files. FileAE is created and stored without opening it.
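As an added, self-contained illustration (not code from the original write-up, and not the share format of the `ssss` tool it installs), the following Python implements the 3-of-5 split of the Password Key (PK) over a prime field and checks the three properties the text relies on: any 3 shares rebuild PK, 2 shares reveal nothing, and a fresh set of shares can be issued without changing PK. The 64-byte key in it is a constructed stand-in for filePK, and all function names are the example's own.

```python
"""Shamir's Secret Sharing over a prime field (added illustration, not ssss's format)."""
import secrets

# Arithmetic is done modulo the Mersenne prime 2**521 - 1, so any secret of up to
# 65 bytes (e.g. the 64-byte filePK from the write-up) fits in one field element.
P = 2**521 - 1


def _eval_poly(coeffs, x):
    """Evaluate coeffs[0] + coeffs[1]*x + ... mod P using Horner's rule."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_secret(secret, threshold, num_shares):
    """Split an integer secret into num_shares points; any `threshold` of them recover it."""
    if not 0 <= secret < P:
        raise ValueError("secret must be a field element (0 <= secret < P)")
    if not 1 <= threshold <= num_shares < P:
        raise ValueError("need 1 <= threshold <= num_shares")
    # The constant term is the secret; the remaining coefficients are uniformly random.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, num_shares + 1)]


def combine_shares(shares):
    """Lagrange-interpolate the polynomial at x=0 from (x, y) points.

    With fewer points than the threshold the result is a uniformly random field
    element, which is exactly why one or two leaked shares say nothing about PK.
    """
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        # pow(den, P-2, P) is the modular inverse of den (Fermat's little theorem).
        secret = (secret + yi * num * pow(den, P - 2, P)) % P
    return secret


def split_bytes(data, threshold, num_shares):
    """Share a byte string such as the contents of filePK."""
    return split_secret(int.from_bytes(data, "big"), threshold, num_shares)


def combine_bytes(shares, length):
    """Recover a byte string of known length; None if the shares do not fit together."""
    value = combine_shares(shares)
    try:
        return value.to_bytes(length, "big")
    except OverflowError:
        return None


def reshare(shares, threshold, num_shares):
    """Issue a fresh, independent set of shares for the same secret.

    This is the property the write-up relies on when a custodian is no longer
    trusted: the old shares are retired and cannot be mixed with the new ones.
    """
    return split_secret(combine_shares(shares), threshold, num_shares)


if __name__ == "__main__":
    # Constructed stand-in for filePK (the real one comes from /dev/urandom).
    pk = b"constructed-demo-password-key-not-a-real-secret-0123456789abcdef"
    shares = split_bytes(pk, 3, 5)  # 5 custodians, any 3 can rebuild PK
    assert combine_bytes([shares[0], shares[2], shares[4]], len(pk)) == pk
    assert combine_bytes(shares[:2], len(pk)) != pk  # 2 shares are not enough
    print("3-of-5 recovery OK; 2 shares reveal nothing")
```

A reconstruction from too few or mismatched shares does not fail loudly; it simply yields a random value, so the only reliable check that PK was recovered correctly is that fileAE decrypts. Once the shares are issued, the plaintext filePK should be wiped, as the write-up says, and the custodians of a retired share set should be told that their pieces are now worthless.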
