Comment by octoberfranklin
19 days ago
Shamir Secret Sharing is notoriously difficult to implement correctly, and even the smallest, most subtle bugs result in total compromise.
Consider whether you really need this.
Doing 7-choose-5 separate multiparty encryptions is way harder to screw up. Is having to produce 42 ciphertexts really a dealbreaker?
They are using the HashiCorp Vault implementation, and it's been around for years. I think we can safely say they know what they are doing.
Can we?
HashiCorp is a devops company, not a cryptography company. The "hash" in their name bears no reference to cryptographic hashing.
If the implementation came from DJB, or RSA corporation, or the OpenSSH developers, that would be one thing.