amper5and / secrets.js

Secret sharing for javascript
MIT License
322 stars 140 forks

It is possible to select an incorrect configuration #5

Closed samueltardieu closed 3 years ago

samueltardieu commented 9 years ago

The UI lets one split a secret into 3 shares with a threshold of 4. Even if this should not happen, this is problematic, as even if the user keeps all the shares they may lose the original data.

For example, asking for 3 shares with a threshold of 4 for the string "This is a test" yielded

8013171e9f3439af6dd2875d1c5b8a7f278c9de4b27fc0be977f59dbeadf0
80270671046eab48a3ff8190988d7242964cf2450c9c849d40b26b6446636
8036ae31f18f5afa8f5bcd903ed599f0ca79c9d3de9af5a1d0d035e9e279d

but decoded it as "畤燐ᠠޛ朦뮚᳗ꀶ뗛ᝬ臔굜 ".

Since there is a non-negligible risk of data loss due to an operator error, the UI should refuse to encode the data if the threshold is greater than the number of shares.
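The failure reported above and the requested check, as an added example that is not part of the thread and is not secrets.js code: Shamir sharing over GF(2^8) in which `splitUnchecked` accepts a threshold above the share count, so the shares interpolate to the wrong bytes, beside a `split` that refuses that configuration. All function names, the field polynomial 0x11b and the 255-share limit are assumptions of this example, and its shares are not compatible with the library's format.

```javascript
// Added illustration of the reported bug and its fix; hypothetical names, not secrets.js.
// secureByte assumes a runtime that exposes globalThis.crypto (browser or recent Node).
const secureByte = () => globalThis.crypto.getRandomValues(new Uint8Array(1))[0];
function gmul(a, b) {              // multiply in GF(2^8), reduction polynomial 0x11b
  let p = 0;
  for (; b; b >>= 1) {
    if (b & 1) p ^= a;
    a = (a << 1) ^ (a & 0x80 ? 0x11b : 0);
  }
  return p;
}
function ginv(a) {                 // a^254 is the inverse of any non-zero a
  let r = 1;
  for (let i = 0; i < 254; i++) r = gmul(r, a);
  return r;
}
function splitUnchecked(secret, n, t, rnd = secureByte) {
  const shares = Array.from({ length: n }, (_, i) => ({ x: i + 1, y: [] }));
  for (const s of secret) {        // one degree t-1 polynomial per secret byte
    const coef = [s];
    for (let k = 1; k < t; k++) coef.push(rnd());
    for (const sh of shares)       // Horner evaluation at the share's x
      sh.y.push(coef.reduceRight((acc, c) => gmul(acc, sh.x) ^ c, 0));
  }
  return shares;
}
function split(secret, n, t, rnd = secureByte) {
  if (!Number.isInteger(n) || !Number.isInteger(t) || t < 2 || n > 255 || t > n)
    throw new RangeError(`threshold ${t} must be between 2 and the share count ${n} (max 255)`);
  return splitUnchecked(secret, n, t, rnd);
}
function combine(shares) {         // Lagrange interpolation at x = 0, byte by byte
  return shares[0].y.map((_, j) => shares.reduce((sum, a) => {
    let l = 1;
    for (const b of shares)
      if (b !== a) l = gmul(l, gmul(b.x, ginv(a.x ^ b.x)));
    return sum ^ gmul(a.y[j], l);
  }, 0));
}
```

With 3 shares of a degree-3 polynomial, `combine` returns the secret byte XORed with a non-zero multiple of the top coefficient, which is why holding every share still does not recover the data.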

grempe commented 9 years ago

This issue should be fixed in my fork. I have issued a pull request for all of my changes (this included). Feel free to comment there. Cheers. Glenn

samueltardieu commented 3 years ago

Closing here.