Den 29 mar 2014 19:15 skrev "Matt Whitlock" <bip@mattwhitlock.name>:
>
> On Saturday, 29 March 2014, at 2:08 pm, Alan Reiner wrote:
> > Regardless of how SSSS does it, I believe that obfuscating that
> > information is bad news from a usability perspective. Undoubtedly,
> > users will make lots of backups of lots of wallets and think they
> > remember the M-parameter but don't. They will accidentally mix in some
> > 3-of-5 fragments with their 2-of-4 not realizing they are incompatible,
> > or not able to distinguish them. Or they'll distribute too many
> > thinking the threshold is higher and end up insecure, or possibly not
> > have enough fragments to restore their wallet thinking the M-value was
> > lower than it actually was.
> >
> > I just don't see the value in adding such complexity for the benefit of
> > obfuscating information an attacker might be able to figure out anyway
> > (most backups will be 2-of-N or 3-of-N) and can't act on anyway (because
> > he doesn't know where the other frags are and they are actually in
> > safe-deposit boxes)
>
> Okay, you've convinced me. However, it looks like the consensus here is that my BIP is unneeded, so I'm not sure it would be worth the effort for me to improve it with your suggestions.
I think it should be made an option (with the default being that the threshold is given and verification is applied. There could certainly be a few cases where the threshold is set high, you maybe don't have access to a great enough variety of hiding spots or secure enough hiding spots, and you want deter an attempt to find all the shares (with the idea being that the risk of detection would be too high, in particular when you use tamper evident seals). But for the majority it would be better to find a few different safeboxes to put the shares in and rely on physical security.