Splitting Secrets — “Three may keep a secret, if two of them are dead”
Derek Brink, Vice President and Research Fellow IT Security
OCT 15, 2012 10:09 AM

“Three may keep a secret,” observed Benjamin Franklin, in his Poor Richard’s Almanack, “If two of them are dead.” Instead of sharing the same secret among multiple parties, what if there were a way to divide a secret among multiple parties without ever disclosing the secret itself?

This is the basic idea, announced this week at RSA Conference Europe 2012, behind RSA Distributed Credential Protection, which is designed to eliminate a single point of compromise by scrambling, randomizing, and splitting sensitive data across multiple locations.

In the context of recent large-scale compromises of passwords at high-profile brands such as LinkedIn, eHarmony and Yahoo! – see my related blogs “Salt With Your Hash = Better for You (Your Passwords, That Is)”, “453,492 More Passwords Compromised … How Many More?”, and “Does the Invisible Hand Apply to IT Security?” – RSA Distributed Credential Protection is a new and innovative tool in the risk management toolbox for the companies managing the servers that contain our passwords, the answers to the “what was your high school mascot” questions that reset our passwords, account profile information, and other stored secrets.

By scrambling, randomizing and splitting secrets into two locations – and in the future, we can anticipate support for more than two – the compromise of a single server would be useless, and the simultaneous compromise of multiple locations would be much less likely.

For a fun (to me, at least!) exercise in secret-splitting that you can carry out yourself, try out the secure code splitter template from Dirk Rijmenants’ web page on Cipher Machines and Cryptology. It will allow you to split a secret (e.g., a combination lock, or a phone number, or a message) into the hands of multiple parties without disclosing the secret to any of them individually – and reassembling the secret will only be possible when all the parties agree on putting their elements together.
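As an added illustration (not code from this post, from RSA, or from Dirk Rijmenants’ template), here is one way to do the all-parties-required splitting described above for a string of digits, using modulo-10 addition of random digits. The function names and the sample number are assumptions made up for this example.

```python
import secrets

def split_digits(secret: str, parties: int) -> list[str]:
    """Split a string of decimal digits into `parties` shares (all are required)."""
    if parties < 2 or not (secret.isascii() and secret.isdigit()):
        raise ValueError("need >= 2 parties and a non-empty ASCII digit string")
    # The first n-1 shares are uniformly random digits from the OS CSPRNG.
    shares = [[secrets.randbelow(10) for _ in secret] for _ in range(parties - 1)]
    # The last share is chosen so each column sums to the secret digit modulo 10.
    last = [(int(d) - sum(col)) % 10 for d, col in zip(secret, zip(*shares))]
    return ["".join(map(str, s)) for s in shares + [last]]

def combine_digits(shares: list[str]) -> str:
    """Add all shares column by column, modulo 10, to recover the secret."""
    if len(shares) < 2 or len({len(s) for s in shares}) != 1:
        raise ValueError("need at least two shares of equal length")
    return "".join(str(sum(int(c) for c in col) % 10) for col in zip(*shares))

def consistent_share(known: list[str], candidate: str) -> str:
    """Return the missing share that would make `known` combine to `candidate`.

    One exists for every candidate of the right length, which is why holding
    all but one share tells the holders nothing about the secret.
    """
    return "".join(str((int(d) - sum(int(c) for c in col)) % 10)
                   for d, col in zip(candidate, zip(*known)))

if __name__ == "__main__":
    secret = "4915550123"  # constructed sample value, not a real number
    shares = split_digits(secret, 3)
    print("shares:    ", shares)
    print("recombined:", combine_digits(shares))
    # Two of the three parties collude: any guess still fits their shares.
    for guess in ("0000000000", "9999999999"):
        print(guess, "fits with third share", consistent_share(shares[:2], guess))
```

The shares are only as good as the randomness behind them, which is why the example draws digits from `secrets` rather than `random`.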

I am already making plans to incorporate secret-splitting into the annual challenge that my three children have to solve in order to receive their most-desired Christmas presents. Under the right circumstances, all the King’s horses and all the King’s men really CAN put Humpty-Dumpty back together again!

Derek Brink
Vice President and Research Fellow
IT Security
