[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Cryptography] A two key file/program





On Fri, May 17, 2019 at 1:40 AM Allen Schaaf <netsecurity AT sound-by-design.com> wrote:
Hi folks,

I'm looking for a program or file system to run on Windows
7/8.1/10 to keep data protected that requires two separate keys
used at the same time to open the file. It needs to be like the
missile launching system that was created using two physical keys
at the same time to prevent one crazy person from starting a war.

The goal for the credit union is to encrypt login information
used by the staff.

Each of the staff has six or seven user names and passwords for
various local and remote systems. The manager/CEO and assistant
manager need to enable access to each account when either there
is a potential problem or when they are not available. One
example of this need is that US law requires each employee to
take a minimum one week vacation so that any fraudulent behavior
will be interrupted and also that the transaction they did can be
audited without them overseeing the audit process.

I recall that there is a system like this but I'm unable to find
it. Given that it is a very small credit union and that it
functions in a lower income market it would be best if it was
free or low cost.

I'm President of the BoD and the primary tech support person in
my retirement.

Thanks,

Allen

Splitting keys is fairly straightforward, Shamir secret sharing does the job.

But that doesn't meet your requirements as stated and to get the best solution you probably want to step back and look at the security of the system rather than the security of the passwords. Passwords are a terrible security mechanism to be avoided whenever possible. Unfortunately, that is rarely possible right now.

I am working on a system that might eventually be relevant but is not going to be ready for that type of application this year.
_______________________________________________
The cryptography mailing list
cryptography AT metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography