Sharing secrets

A `secret sharing algorithm' is a mechanism for allowing you to split up a `secret' of some type -- such as a confidential file, or a single password -- into a number of parts in such a way that the holders of those parts can reassemble the secret if they act in collaboration, but not otherwise. For example, you might split a file into five pieces so that any three of the pieces can be used to reassemble the file, but that this is impossible with only two.

Brad Threatt produced an implementation of such an algorithm, called `tontine', which is available at . I've patched this, to make the application able to produce its shares not just as binary files, but also as either Base64-encoded files or in a (very verbose) `english words' encoding. These help if you want to store the secrets cross-platform or even on paper.

You can get my version of tontine either as a tar file tontine-0.3p3.tar.gz, or as a patch tontine-0.3p3.patch against Brad's original distribution (apply the patch by unpacking the original distribution so that you have a directory tontine-0.3 and executing the command patch -p0 <tontine-0.3p3.patch).

You might also want to check the signatures of the tar file and the patch file.

Any problems with the patch should be referred to me rather than to Brad.

Have fun.

Norman Gray
2008 January 17