Feature name
- Enhance Emergency Access with Shamir’s Secret Sharing
Feature function
I see Emergency Access mostly useful for two scenarios:
- I die or become incapacitated, and my partner or estate will need access to all my digital presence to carry on
- I bump my head and forget the master password
The newly introduced Emergency Access feature goes almost all the way to achieve that but it means that my vault passphrase is protected by a single private key which depends on the strength of the Grantee’s vault security.
Using Shamir Secret Sharing should address such thin protection by requiring multiple entities and locations to cooperate and accessed in order to gain access to my vault passphrase.
The way I imagine this working goes something like this:
- Encrypt my vault password using SSS split to multiple parts. Let me decide the minimum number of parts I want to require for the decryption.
- Let me have a copy of each part.
- I decide how I transfer it to the Grantees. For instance, I could be giving them a piece of paper with a QR code, a USB key, or share it with them through BitWarden/Keybase/Signal. I might use Google Inactive Account Manager to send them the key which decrypts the SSS fragment. I could also keep a fragment together with my will or some other highly secure location.
- When recovery is necessary, Grantees can use BW interface for that in order to enter their fragments of the key. If enough fragments are provided then the vault passphrase and granted access is provided to the Grantees.
The main advantage I see in such a system is that no single person or piece of information can give access to my vault by itself. If, for instance, one of the Grantee’s vaults is hacked or a fragment is stolen from storage then it won’t help the hacker to gain access to my vault because they’ll need n-1
other fragments in order to obtain it. Another scenario is that if I give a single fragment to only one Grantee and the other fragment is stashed with my will in a secure place then they (the keeper of my will and the Grantee) can’t do anything with it without cooperating with the other.
Related topics + references
- SSS was mentioned before in this comment: ✅ Emergency access - #90 by irgeek