

 Red October crypto app adopts “two-man rule” used to launch nukes - jgrahamc
http://arstechnica.com/security/2013/11/red-october-crypto-app-adopts-two-man-rule-used-to-launch-nukes/

======
tedivm
I'm amused how much this is being upvoted, when it was died a few days ago
with no decision. Then again, a few days ago no one had changed the title to
mention launching nukes.

Since I'm assuming a CloudFlare person is watching this thread, I've been a
bit curious about when they plan on releasing that database of SSL
certificates they promised almost a year ago.

> Going forward, in addition to releasing the directory of intermediate SSL
> certificates on Github, we plan on releasing our SSL bundler as a free
> service so you can package up your SSL certificates as efficiently as
> possible, even if you're not using CloudFlare. Just one more way we're
> working to make the web fast and safe.

[http://blog.cloudflare.com/what-we-just-did-to-make-ssl-
even...](http://blog.cloudflare.com/what-we-just-did-to-make-ssl-even-faster)

That looks like a very cool project, and they got a decent amount of attention
over it. It would be nice to see some follow through on those plans to release
it.

~~~
eastdakota
I'll check what the status of that is.

Edit: looks like it needs to be cleaned up a bit and then we'll release it.
Seeing if we can get someone on the team to take it on and get it out in the
next few weeks.

------
cdjk
I wonder why they're not using a secret sharing algorithm:

[http://en.wikipedia.org/wiki/Secret_sharing](http://en.wikipedia.org/wiki/Secret_sharing)

It would reduce the complexity of encrypting the data encryption key multiple
times with each pair of keys, and the math behind them is pretty neat.

~~~
shabble
Quoting from the Cloudflare article[1]:

 _Red October is based on combinatorial techniques and trusted cryptographic
primitives. We investigated using complicated secret primitives like Shamir 's
sharing scheme, but we found that a simpler combinatorial approach based on
primitives from Go's standard library was preferable to implementing a
mathematical algorithm from scratch._

Which seems like a reasonable choice for smallish numbers of keys/sharers,
especially given the data they're encrypting isn't exactly huge.

Are there good libraries (for any language) implementing shared secrets?

[1] [https://blog.cloudflare.com/red-october-cloudflares-open-
sou...](https://blog.cloudflare.com/red-october-cloudflares-open-source-
implementation-of-the-two-man-rule)

~~~
j_s
libgfshare[1] was mentioned[2] last time this project was discussed.

[1] [http://www.digital-scurf.org/software/libgfshare](http://www.digital-
scurf.org/software/libgfshare)

[2]
[https://news.ycombinator.com/item?id=6780346](https://news.ycombinator.com/item?id=6780346)

------
sgtpepper
Should have gone with the name "Crimson Tide", as that movie was actually
relevant...

------
FiloSottile
Here is the original blog post, more technically precise

[http://blog.cloudflare.com/red-october-cloudflares-open-
sour...](http://blog.cloudflare.com/red-october-cloudflares-open-source-
implementation-of-the-two-man-rule)

------
mike_herrera
As a layer of security this is great addition. But I would like to see an
option to also employ a biometric for identification.

Passwords and keys are great, but their weakness is that they can be shared.

~~~
dmix
/laywer question

Is a persons biometric signature something that can be legally compelled to be
used by a company, if that person quits or go AWOL?

If an employee/agent has ownership of a text keyfile (assuming no company
controlled backups exist), the company could look to police/courts about
property theft. But biometric seems a bit different.

~~~
mike_herrera
That's a great question. I would hope no company would voluntarily put
themselves in that situation.

Biometrics are useful for authentication, but I struggle with a safe use for
authorization, per se. Just for the reason you identified.

------
MWil
Does the system notify party#2 that party#1 has entered their key and is
awaiting further action?

~~~
grittygrease
Not currently, but the system is open source and designed to be easily
extensible.

