I've got an app that generates a hash off of a user password, which I then use to encrypt data with. I want to extend this to the case where any 2 out of 5 users need to authenticate the app before it has enough data to generate that hash.

The problem I've got is I need to generate the exact same hash no matter which 2 of the 5 users authenticate - since I'm encrypting with one hash only.

My main objective is to make it as secure as possible, so if there are other ways of doing the same thing please feel free to mention those as well. I'll just change the code where needed.

+8  A: 

Generate a random key, encrypt it with keys derived from each of the pairs (password1, password2), (password1, password3), (password1, password4), (password1, password5), (password2, password3) etc. Then store each of these ten encryptions, so that you can look the correct one up when you are handed two arbitrary passwords.

Alternatively, instead of storing all of these pairs, use a (2,5)-secret sharing scheme (e.g. Shamir's) to split the random key and then store each of the 5 secrets encrypted with a key derived from each of the passwords.

Rasmus Faber
The "secret sharing" term was the bit I was missing. Shamir's scheme seems to fit me perfectly. Thank you.
Belrog
The scheme described is simple and effective when it comes to 2-of-5. Obviously it doesn't scale well, but it's a good idea for this system. :)
Nick Johnson
Shamir's should still result in a more sane solution than running permutations of passwords - especially for scaling. I don't want to do permutations when someone decides we now need 10 people with passwords :)
Belrog
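
The (2,5) secret-sharing layout from the answer, sketched in Python as an added example (not part of the original thread and not code from any of its participants): a random key is split with Shamir's scheme and each share is stored wrapped under one user's password. Assumptions: the field prime, the PBKDF2 iteration count, all function names, and the wrapping itself, which is a KDF-derived one-time pad plus HMAC standing in for an AEAD cipher such as AES-GCM because the Python standard library has none.

```python
import hashlib, hmac, secrets

P = 2**521 - 1        # Mersenne prime: field larger than any 256-bit key
LEN = 66              # bytes needed to hold one field element
ITERATIONS = 200_000  # PBKDF2 work factor (assumed; tune for your hardware)

def split(secret, k, n):
    """Shamir: random degree k-1 polynomial f with f(0)=secret; share x is (x, f(x))."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(x, sum(c * pow(x, j, P) for j, c in enumerate(coeffs)) % P)
            for x in range(1, n + 1)]

def recover(shares):
    """Lagrange interpolation at x=0 over GF(P); needs k distinct shares."""
    total = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num, den = num * -xj % P, den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def _keys(password, salt):
    # Stretch the password, then expand into a one-time pad and a MAC key.
    k = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    out = hashlib.shake_256(k).digest(LEN + 32)
    return out[:LEN], out[LEN:]

def _tag(mac_key, x, ct):
    return hmac.new(mac_key, bytes([x]) + ct, "sha256").digest()

def wrap(share, password):
    """Encrypt one share under one user's password (fresh salt per record)."""
    x, y = share
    salt = secrets.token_bytes(16)
    pad, mac_key = _keys(password, salt)
    ct = bytes(a ^ b for a, b in zip(y.to_bytes(LEN, "big"), pad))
    return x, salt, ct, _tag(mac_key, x, ct)

def unwrap(record, password):
    """Check the tag, then return the (x, y) share; raises on a wrong password."""
    x, salt, ct, tag = record
    pad, mac_key = _keys(password, salt)
    if not hmac.compare_digest(tag, _tag(mac_key, x, ct)):
        raise ValueError("wrong password or tampered record")
    return x, int.from_bytes(bytes(a ^ b for a, b in zip(ct, pad)), "big")
```

At setup, call `split(secrets.randbits(256), 2, 5)` and store `wrap(share, password)` for each user; at login, `recover` over any two `unwrap` results yields the same key. Moving to k-of-10 changes only the arguments to `split`, with one stored record per user.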