Shush by Thomas Leplus
Shush allows Yubikey owners to combine their keys in order to produce a shared key. That key as the same format and strength as a normal Yubikey and can therefore be used for the same purposes. Currently Shush is based on a simple XOR of the participants keys so all the keys need to be in static password mode. Also the participant keys should not be used for other purposes once they are involved in a Shush scheme or it would lower the scheme's security (one-time pad principle).
To use Shush, the participants simply provide their Yubikey to the program which then compute the shared key and copies it to the OS clipboard. The shared key can then be pasted anywhere a password is prompted. For example, Shush could be used to put a secret file under escrow. If all the participants combine their keys to generate the encryption key of the file, all the participants keys are then required to later decrypt the file.
Future enhancements to Shush could be:
- a graphical user interface
- an asymmetric scheme that would work with the keys in time-variant mode
- a mode where a subset of the participants key would suffice to produce the shared key
Shush is an open source software in its very early development. Feel free to try it and send me your suggestions or comments.