Enhancing emergency access with Shamir Secret Sharing

Hey everyone!

Thinking about these 4 topics here: Enhancing emergency access with Shamir Secret Sharing, Emergency Access only upon death feature?, Emergency Access for the Secret Circle (SSS w/ some flair), Emergency access… I think I have a general idea of how this could be done.

For example, what if each part of the shamir has an expiration date?

For example, suppose each part of the secret is an OTP (One-Time Password) code with an expiration time that the user or set of users who own the key grants?

Example
To make this view more practical, I think about these general variables a, b, c, d, e, f and g:

a) The more people you share your secret with, the greater the chances that n people will know your secret. The problem here is that by sharing any secret, anyone can team up with others to put all the pieces together and access your password vault. That would be a vulnerability or point of attack.

b) About the general problem mentioned above on variable ‘a’, I thought of this idea: ‘b’. But what if nobody knows that there is a moment to validate the keys (the parts to complete the whole secret)?

c) So, the same number of people you shared the secret with wouldn’t have enough time to gather all the keys.

d) If that’s correct (variable c), only you would know and they couldn’t know. Could this guarantee sharing the safe in an emergency and in a safe way?

e) This would be done according to “account inactivity”. For example, if the user does not access the account for “10 years” (it could be considered “inactive” or “dead”). So, if this user registers notification emails for contacts, these contacts can access the account with shamir-otp.

f) But for that to happen, all notified contacts must agree and access the same deadline to have a backup copy. If they access the deadline before or after, the key becomes invalid, and there is no way to get a new key.

g) It would be necessary to define which types of passwords should be backed up (all, some, these or those passwords). That would be the principle to guarantee the least privilege and the greatest security, because it would only be possible to access a set of passwords that the “root user” previously agreed to.

Rather than providing emergency account access, I think it would be more interesting to provide access to a backup or snapshot. Because in theory, you would only access something that was previously agreed upon. By default, there can be a schedule of backups+shamir+otp so that the user can access the account or certain accounts according to a short, medium or long time. People can only access these backups when notified.

What do you all think of this idea? Does it make sense? What is good or bad about this idea? @grb @amoss
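To make the mechanics of the proposal concrete, here is an added Python example (not code from the original post or from any password manager project) of k-of-n Shamir Secret Sharing over a prime field, where every share is bound to a release window chosen by the owner, as points b), c) and f) describe. Reconstruction succeeds with any k shares inside the window and is refused outside it. The field prime, the `Share` layout and the day-100 scenario are assumptions made for the example.

```python
"""Added example (not from the original forum post): k-of-n Shamir Secret
Sharing over a prime field, with each share bound to a release window so
that reconstruction is only accepted inside the window the owner chose."""
import secrets
from dataclasses import dataclass

# Assumption: a 127-bit Mersenne prime as the field; secrets must be < P.
P = 2**127 - 1


@dataclass(frozen=True)
class Share:
    x: int            # evaluation point, 1..n (never 0, which holds the secret)
    y: int            # polynomial value at x
    not_before: int   # earliest Unix time at which the share may be used
    not_after: int    # latest Unix time at which the share may be used


def _eval_poly(coeffs, x):
    """Horner evaluation of sum(coeffs[i] * x**i) mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_secret(secret, k, n, not_before, not_after):
    """Split `secret` into n shares, any k of which reconstruct it."""
    if not (1 <= k <= n):
        raise ValueError("need 1 <= k <= n")
    if not (0 <= secret < P):
        raise ValueError("secret must be an integer in [0, P)")
    # Degree k-1 polynomial: the secret is the constant term, the other
    # coefficients are uniformly random, so fewer than k points reveal nothing.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [Share(x, _eval_poly(coeffs, x), not_before, not_after)
            for x in range(1, n + 1)]


def reconstruct(shares, k, now):
    """Recover the secret from any k distinct shares, but only inside the
    agreed window; outside it the shares are treated as invalid."""
    if len(shares) < k:
        raise ValueError(f"need at least {k} shares, got {len(shares)}")
    for s in shares:
        if not (s.not_before <= now <= s.not_after):
            raise ValueError("share used outside its release window")
    shares = shares[:k]
    if len({s.x for s in shares}) != k:
        raise ValueError("duplicate share indices")
    # Lagrange interpolation evaluated at x = 0 gives the constant term.
    secret = 0
    for i, si in enumerate(shares):
        num, den = 1, 1
        for j, sj in enumerate(shares):
            if i != j:
                num = (num * (-sj.x)) % P
                den = (den * (si.x - sj.x)) % P
        secret = (secret + si.y * num * pow(den, P - 2, P)) % P
    return secret


def demo():
    """Constructed scenario: 3-of-5 shares whose window is day 100 only.
    Returns (recovered_inside_window, recovered_outside_window)."""
    secret = int.from_bytes(b"backup-key-1", "big")   # constructed sample secret
    day = 86400
    shares = split_secret(secret, 3, 5, not_before=100 * day, not_after=101 * day)
    inside = reconstruct([shares[0], shares[2], shares[4]], 3, now=100 * day + 3600)
    try:
        reconstruct(shares[:3], 3, now=99 * day)
        outside_ok = True
    except ValueError:
        outside_ok = False
    return inside == secret, outside_ok


if __name__ == "__main__":
    print(demo())
```

The window check here is enforced by whoever holds the shares, so it only has teeth when the server (or the backup-release service) is the party that validates `now` and refuses out-of-window combinations; a client-side timestamp can simply be lied about. It also does not by itself give the "no way to get a new key" property from point f): that needs the service to delete or rotate the share material once the window closes.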