Split Keys to Multiple Machines

The objective of this post is to discuss the feasibility of splitting credentials into multiple machines.

Why to Split Key

• The motivation is to enhance the difficulty for the attackers to steal the key. The attackers would need to compromise several machines together 

How to Split Key

• [2] RSA

Feasibility of Splitting Key to Protect Security

• Though the secrets are separated, the rebuilding process must occur, by necessity, on a single machine which obtains, at some point, the secret itself. In particular, if you do the reassembly on a machine which is evil (i.e., which is under the control of an attacker through some malware), then the attacker learns the SSH private key. [1]

Conclusion

• It is not feasible to defense covert channel attack through splitting credentials to multiple machines. 

References

[1] Is there a way to split up my SSH Key using Shamir's Secret Sharing?,  in StackExchange 

[2] RSA Splits Authentication Credentials Across Multiple Servers For Added Protection
[3] Distributed Credential Protection: Trying to beat the hackers and protect our passwords