I’ve got an app that generates a hash off of a user password, which I then use to encrypt data with. I want to extend this to the case where any 2 out of 5 users need to authenticate the app before it has enough data to generate that hash.
The problem I’ve got is I need to generate the exact same hash no matter which 2 of the 5 users authenticate – since I’m encrypting with one hash only.
My main objective is to make it as secure as possible, so if there are other ways of doing the same thing please feel free to mention those as well. I’ll just change the code where needed.
Generate a random key, encrypt it with keys derived from each of the pairs (password1, password2), (password1, password3), (password1, password4), (password1, password5), (password2, password3) etc. Then store each of these ten encryptions, so that you can look the correct one up when you are handed two arbitrary passwords.
Alternatively, instead of storing all of these pairs, use a (2,5)-secret sharing scheme (e.g. Shamir’s) to split the random key and then store each of the 5 secrets encrypted with a key derived from each of the passwords.
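The secret-sharing approach from the answer above, as an added example that is not code from the original post: a random 256-bit key is split with a threshold-2 Shamir polynomial, and each share is stored wrapped under its user's password. The function names, the scrypt settings, the stored key-check value, and the XOR masking (a standard-library stand-in for an authenticated cipher such as AES-GCM) are assumptions of this sketch.

```python
import hashlib, hmac, secrets

P = 2**521 - 1      # Mersenne prime; the field must be larger than the 256-bit key
SHARE_LEN = 66      # bytes needed to hold any value mod P

def _pad(password, salt):
    # Password-derived keystream, used once per salt (scrypt cost is an assumed setting)
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=SHARE_LEN)

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _check(key):
    # Stored value that lets recover() tell a correct key from a wrong one
    return hmac.new(key, b"key-check", hashlib.sha256).digest()

def enroll(passwords):
    """Create the data key; return it with the record that goes into storage."""
    key = secrets.token_bytes(32)
    slope = secrets.randbelow(P)            # f(x) = key + slope*x mod P, threshold 2
    shares = {}
    for x, pw in enumerate(passwords, start=1):
        y = (int.from_bytes(key, "big") + slope * x) % P
        salt = secrets.token_bytes(16)
        shares[x] = (salt, _xor(y.to_bytes(SHARE_LEN, "big"), _pad(pw, salt)))
    return key, {"check": _check(key), "shares": shares}

def recover(record, logins):
    """logins maps two distinct user numbers to the passwords they typed."""
    if len(logins) != 2:
        raise ValueError("exactly two users are required")
    points = []
    for x, pw in logins.items():
        salt, wrapped = record["shares"][x]
        points.append((x, int.from_bytes(_xor(wrapped, _pad(pw, salt)), "big")))
    (x1, y1), (x2, y2) = points
    # Lagrange interpolation of the line through both points, evaluated at x = 0
    secret = (y1 * x2 - y2 * x1) * pow((x2 - x1) % P, -1, P) % P
    key = secret.to_bytes(SHARE_LEN, "big")[-32:]
    if secret >= 2**256 or not hmac.compare_digest(_check(key), record["check"]):
        raise ValueError("wrong password or corrupted share")
    return key

if __name__ == "__main__":
    pws = ["alpha-1", "bravo-2", "charlie-3", "delta-4", "echo-5"]   # constructed sample
    key, record = enroll(pws)
    print(recover(record, {2: pws[1], 5: pws[4]}) == key)
```

Only the record is stored; the key returned by `enroll` is used to encrypt the data and then discarded, and any two users can rebuild it with `recover`.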