Did you ever wonder how to store your most important backup password, for example for your full disk encryption? Print it to paper and store the paper in your parent’s safe? But what if that single copy gets destroyed over time and you just don’t know? And what if someone unauthorized gets his/her hands on the printout?

Then this simple script could be interesting for you. It lets you erasure code a phrase (password). You can decide into how many pieces you want to split your password, and how many pieces are needed to recover the original password.

For example, you can create 3 data and 2 parity chunks. That means any 3 of the 5 chunks can recover your secret.

Please note that this has nothing to do with encryption. Basically each chunk contains a plain text part of the password/message. If your text, for example, is “My favorite color is red”, and you split it into 3 data chunks, the first chunk contains “My favor”. Also contained is the overall length of the message. This would make it pretty easy to guess the full text. Therefore, only use randomized strings. And make it a long password.

Also, the script can directly create QR codes for each chunk. That makes it easier to read the passwords back into a computer.

Now you can give the printed QR codes to trustees, and no single person can recover your password.

Update 2020-05-10: The best cryptographic solution for this problem would be Shamir’s Secret Sharing algorithm. There are lots of scripts that implement that.
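
An added example (not the script this post describes): a minimal Shamir split and recover in Python for the 3-of-5 case, next to the plain-text data chunk the post warns about. The field prime, the function names and the sample secret are assumptions chosen for illustration.

```python
import secrets

# Assumption: 2**521 - 1 (a Mersenne prime) as the field; fits secrets up to 64 bytes.
PRIME = 2**521 - 1

def data_chunks(message: str, k: int) -> list:
    """Plain split into k data chunks, as in the post: every chunk is readable text."""
    size = -(-len(message) // k)  # ceiling division
    return [message[i:i + size] for i in range(0, len(message), size)]

def split(secret: bytes, k: int, n: int) -> list:
    """Shamir split: n points on a random polynomial of degree k-1 with f(0) = secret."""
    s = int.from_bytes(b"\x01" + secret, "big")  # 0x01 marker preserves leading zero bytes
    if s >= PRIME:
        raise ValueError("secret too long for this field")
    coeffs = [s] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation mod PRIME
            y = (y * x + c) % PRIME
        shares.append((x, y))
    return shares

def recover(shares: list) -> bytes:
    """Lagrange interpolation at x = 0; needs at least k distinct shares."""
    s = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * -xj % PRIME
                den = den * (xi - xj) % PRIME
        s = (s + yi * num * pow(den, -1, PRIME)) % PRIME
    raw = s.to_bytes((s.bit_length() + 7) // 8, "big")
    return raw[1:]  # drop the 0x01 marker

if __name__ == "__main__":
    print(data_chunks("My favorite color is red", 3)[0])  # a data chunk leaks text
    shares = split(b"constructed-sample-passphrase", 3, 5)  # constructed sample secret
    print(shares[0])                          # a single share is a random-looking point
    print(recover([shares[4], shares[1], shares[2]]))  # any 3 of the 5 shares recover it
```

With fewer than 3 shares, `recover` returns an unrelated value rather than a partial secret, which is the property the plain chunk split lacks.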
