AONT-RS
An implementation of Resch and Plank's AONT-RS (All or Nothing Transform + Reed-Solomon) information dispersal algorithm.
Recently learned that Clevis also supports Shamir Secret Sharing, and it's in fact the only way to configure multiple pins even if they're of the same type and authority (i.e. the RAID0 of SSS):
https://github.com/latchset/clevis#pin-shamir-secret-sharing
There's a cool paper-based backup tool that also uses Shamir Secret Sharing to let you distribute a bunch of paper copies to your friends to restore a file optically:
https://github.com/cyphar/paperback
> Q) This isn't really in line with how horcruxes work in the harry potter universe!
> A) It's pretty close! You can't allow any one horcrux to be used to resurrect the original file (and why would you that would be useless) but you can allow two horcruxes to do it (so only off by one). Checkmate HP fans.
Well, the whole point of horcruxes is to have backup in several places. This tool to backup your backups in several places is a much better use of the name https://github.com/chrispoole643/horcrux. Checkmate jesseduffield ;)
https://www.potter-search.com/?search=Horcrux
> “Seven! Isn’t it bad enough to think of killing one person? And in any case . . . bad enough to divide the soul . . . but to rip it into seven pieces ...”
> Lord Voldemort has seemed to grow less human with the passing years, and the transformation he has undergone seemed to me to be only explicable if his soul was mutilated beyond the realms of what we might call ‘usual evil’
The author of this tool basically took the Shamir code from Hashicorp Vault, which is pretty mainstream. If you're looking for a solid implementation, I would start there[0]. I wouldn't use the Shamir code from this repo, as it's an old version of the vault code using field arithmetic that doesn't run in constant time.
[0]: https://github.com/hashicorp/vault/blob/main/shamir/shamir.g...
We also maintain a shamirs CLI called horcrux here:
https://gitlab.com/unit410/horcrux
We decided to use Hashicorp vault's implementation of Shamirs which was the most widely used / battle tested golang implementation we could find.
I was able to find a project which appears to do exactly that: <https://github.com/atbarker/AONT-RS>
In case this method makes sense, I'm already registering the EXOrDIA name for a python package: https://github.com/juancroldan/exodia
In case this method makes sense, I'm already registering the EXOrDIA name for a python package: https://github.com/juancroldan/exordia