
Security Best Practices

To maximize the security benefits of Fractum, follow these comprehensive best practices when encrypting, storing, and decrypting your sensitive files. These guidelines are based on security architecture analysis and real-world threat considerations.

Threshold Selection and Share Planning

Understanding Share Architecture

Each Fractum share contains:

  1. Share index: Unique identifier (1-255)
  2. Share key: Cryptographic data for secret reconstruction
  3. Metadata: Label, threshold requirements, and version information
  4. Integrity hash: SHA-256 checksum for detecting corruption
  5. Tool integrity: Version and package verification data
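
The following is an added example, not Fractum's own share format or code: it packages the five components above into a tamper-evident record and rechecks the SHA-256 integrity hash on load, so corruption or an edited field is caught before a reconstruction attempt. The JSON layout, field names, the placeholder tool metadata and the function names are assumptions made for the illustration.

```python
import hashlib
import json

# Placeholder tool metadata (constructed); a real record would carry the actual
# tool name and version that produced the share.
TOOL_INFO = {"tool": "example-tool", "version": "0.0-example"}


def _canonical(fields):
    """Deterministic encoding so the hash is independent of key order and whitespace."""
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def make_share_record(index, share_key_hex, label, threshold, total_shares):
    """Build one share record carrying the five components listed above."""
    if not 1 <= index <= 255:
        raise ValueError("share index must be in 1-255")
    if not 1 <= threshold <= total_shares <= 255:
        raise ValueError("need 1 <= K <= N <= 255")
    body = {
        "share_index": index,
        "share_key": share_key_hex,
        "metadata": {"label": label, "threshold": threshold,
                     "total_shares": total_shares, "format_version": 1},
        "tool_integrity": TOOL_INFO,
    }
    # The hash covers every other field, so a later change to any of them is detected.
    body["integrity_hash"] = hashlib.sha256(_canonical(body)).hexdigest()
    return json.dumps(body, sort_keys=True)


def load_share_record(text):
    """Parse a record and recheck its hash; raise ValueError if it was altered or corrupted."""
    rec = json.loads(text)
    stored = rec.pop("integrity_hash", None)
    if stored is None:
        raise ValueError("record has no integrity hash")
    if hashlib.sha256(_canonical(rec)).hexdigest() != stored:
        raise ValueError("integrity hash mismatch: share corrupted or altered")
    return rec


def reconstruction_ready(records):
    """Validate a set of records before attempting recovery: every record intact,
    unique indices, all from the same split (identical metadata), and at least K present."""
    parsed = [load_share_record(r) for r in records]
    if not parsed:
        return False
    indices = [r["share_index"] for r in parsed]
    if len(set(indices)) != len(indices):
        raise ValueError("duplicate share index in the set")
    metadata = {_canonical(r["metadata"]) for r in parsed}
    if len(metadata) != 1:
        raise ValueError("records belong to different splits")
    return len(parsed) >= parsed[0]["metadata"]["threshold"]


if __name__ == "__main__":
    # Constructed sample: three records of a K=3, N=5 split, then one altered copy.
    recs = [make_share_record(i, ("%02x" % i) * 16, "backup", 3, 5) for i in (1, 2, 3)]
    print("ready:", reconstruction_ready(recs))
    try:
        load_share_record(recs[0].replace('"label": "backup"', '"label": "other"'))
    except ValueError as e:
        print("detected:", e)
```

A plain hash of this kind detects accidental corruption and casual edits; it does not, on its own, prove who wrote the record, since anyone able to rewrite the file can recompute the hash. That is why the distribution and storage practices later on this page matter as much as the checksum.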

Choosing Your Threshold (K) and Total Shares (N)

The threshold (K) determines how many shares are needed for reconstruction. Consider these factors:

  • Security vs. Recovery: Higher K means more security but harder recovery
  • Number of custodians: K should not exceed available trusted parties
  • Availability requirements: Lower K allows faster recovery
  • Risk tolerance: Higher K protects against more share compromises

  Use Case         | Threshold (K) | Total Shares (N) | Rationale
  -----------------|---------------|------------------|--------------------------------
  Personal backup  | 2-3           | 3-5              | Simple recovery, basic security
  Small team       | 3-4           | 5-7              | Majority consensus required
  Organization     | 5-7           | 8-12             | Multiple stakeholder approval
  High security    | 7+            | 10-15            | Maximum protection

Mathematical Security Considerations

  • Information-theoretic security: Any collection of fewer than K shares provides zero information about the secret, no matter how many of them are held
  • Reliability buffer: Extra shares (N-K) provide protection against loss or corruption
  • Optimal ratio: Many implementations use K around 60-70% of N for balanced security
  • Technical limit: PyCryptodome supports maximum 255 shares

Example configurations:

  • Conservative: K=3, N=5 (need 3 of 5 shares) - 60% threshold
  • Balanced: K=5, N=8 (need 5 of 8 shares) - 63% threshold
  • High security: K=7, N=12 (need 7 of 12 shares) - 58% threshold
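
To make the K-of-N model and the information-theoretic claim concrete, here is an added example in pure Python. It is not Fractum's implementation (Fractum relies on PyCryptodome's Shamir module) and makes its own assumptions: arithmetic over the prime field modulo 2^255 - 19, shares held as an {index: value} dictionary, and the helper names used below. It splits a secret, checks that every K-subset of the N shares recovers it (the N-K reliability buffer), and, over a deliberately small field, enumerates every possible value of a missing share to show that K-1 shares are consistent with every secret in the field.

```python
import secrets
from itertools import combinations

# Assumed field: integers modulo the prime 2^255 - 19, large enough to hold a
# 128-bit key as an integer. Shares are {index: value} with indices 1..N.
DEFAULT_PRIME = 2**255 - 19


def _eval_poly(coeffs, x, p):
    """Evaluate a polynomial at x (coeffs[0] is the constant term) by Horner's rule."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % p
    return acc


def split_secret(secret, k, n, p=DEFAULT_PRIME):
    """Split an integer secret into N shares, any K of which reconstruct it."""
    if not 1 <= k <= n <= 255:
        raise ValueError("need 1 <= K <= N <= 255")
    if not 0 <= secret < p:
        raise ValueError("secret must be an integer in the field")
    # Random polynomial of degree K-1 whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(p) for _ in range(k - 1)]
    return {x: _eval_poly(coeffs, x, p) for x in range(1, n + 1)}


def combine_shares(shares, p=DEFAULT_PRIME):
    """Lagrange interpolation at x = 0 over the given {index: value} shares."""
    total = 0
    for i, y in shares.items():
        num = den = 1
        for j in shares:
            if j != i:
                num = num * (-j) % p
                den = den * (i - j) % p
        # den is never 0 mod p: indices are distinct and far smaller than p.
        total = (total + y * num * pow(den, p - 2, p)) % p
    return total


def every_k_subset_recovers(secret, shares, k, p=DEFAULT_PRIME):
    """The N-K reliability buffer: any K of the N shares must give the secret back."""
    return all(combine_shares({x: shares[x] for x in sub}, p) == secret
               for sub in combinations(shares, k))


def secrets_consistent_with(partial, missing_index, p):
    """Given K-1 shares, try every value for one more share and collect the
    secrets that result. Over a field of size p this yields all p values: the
    K-1 shares are consistent with every secret, so they reveal nothing."""
    found = set()
    for y in range(p):
        found.add(combine_shares({**partial, missing_index: y}, p))
    return found


if __name__ == "__main__":
    key = int.from_bytes(secrets.token_bytes(16), "big")  # constructed 128-bit secret
    shares = split_secret(key, 3, 5)                      # the 'Conservative' K=3, N=5 layout
    print("every 3 of 5 recover:", every_k_subset_recovers(key, shares, 3))
    small = split_secret(42, 3, 5, p=251)                 # small field, exhaustive check is cheap
    print("secrets consistent with 2 shares:",
          len(secrets_consistent_with({1: small[1], 2: small[2]}, 3, 251)))
```

The exhaustive check uses a 251-element field only so that the loop finishes instantly; the argument is the same in the large field, where the missing share's value maps one-to-one onto candidate secrets, so an attacker holding K-1 shares is no better off than one holding none.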

Secure Environment Setup

Encryption and Decryption Environment

Isolation Best Practices:

  • Use air-gapped systems when possible for encryption/decryption operations
  • Boot from a live OS (e.g., Tails, Ubuntu Live) for maximum isolation and no persistent traces
  • Disable all networking during sensitive operations (WiFi, Ethernet, Bluetooth)
  • Check system integrity before operations using checksums or secure boot
  • Clear all temporary files and swap space after operations

Hardware Considerations:

  • Dedicated hardware for high-security operations when possible
  • Disable unnecessary peripherals (cameras, microphones, USB ports)
  • Use encrypted storage for any persistent data
  • Consider hardware security modules (HSMs) for extremely sensitive operations

Software Environment

Pre-Operation Checklist:

  • Verify Fractum installation using official checksums
  • Update to latest stable version to ensure security patches
  • Run on supported platforms only (avoid beta/experimental systems)
  • Check for malware using multiple scanners before operation

Share Distribution Security

Custodian Selection and Management

Custodian Evaluation:

  • Trust Assessment: Evaluate personal and professional reliability
  • Security Awareness: Ensure custodians understand basic security practices
  • Geographic Distribution: Select custodians in different locations/jurisdictions
  • Independence: Choose custodians who don't know each other when possible
  • Background Research: Implement appropriate vetting procedures for sensitive data
  • Role Documentation: Clearly define responsibilities and emergency procedures

Custodian Communication:

  • Secure channels: Use encrypted communication for coordination
  • Information minimization: Share only necessary details about the protected data
  • Emergency contacts: Maintain updated contact information through secure channels
  • Training protocols: Ensure custodians understand their security responsibilities

Strategic Share Distribution

Geographic Distribution Strategy:

  • Separate locations: Store shares in different cities or countries
  • Natural disaster resilience: Avoid geographically correlated risks
  • Political considerations: Consider legal jurisdictions and stability
  • Access logistics: Balance security with practical recovery needs

Storage Location Security:

  • Bank safe deposit boxes: Professional-grade physical security
  • Home safes: Fire-rated, burglary-resistant models
  • Attorney offices: Professional custody with legal protections
  • Corporate vaults: Enterprise-grade security for organizational use
  • Multiple jurisdictions: Distribute across different legal/political zones

Storage Method Diversification:

  • Physical storage: Bank deposit boxes, home safes, attorney offices
  • Digital storage: Encrypted USB drives with additional passwords
  • Hybrid approach: Mix physical and digital storage across shares
  • Redundancy planning: Consider storing duplicate shares in separate secure locations

Physical Share Storage

Storage Medium Protection:

  • Encrypted USB drives with additional password protection
  • Printed copies in waterproof, fire-resistant containers
  • Multiple copies of each share in separate secure locations
  • Environmental protection: Guard against water, fire, electromagnetic interference

Operational Security Procedures

Pre-Encryption Security

Environment Preparation:

  • Boot into secure, isolated environment
  • Disconnect from all networks
  • Close all unnecessary applications
  • Check available disk space and memory
  • Identify and check file integrity using checksums
  • Set up secure output directories with appropriate permissions

File Preparation:

  • Create a secure backup of the original file
  • Check file integrity before encryption
  • Document file metadata (size, hash, creation date)
  • Prepare secure deletion tools for original file

During Encryption Operations

  • Process Monitoring: Monitor encryption/decryption progress to completion
  • Resource Management: Ensure adequate system resources throughout operation
  • Error Handling: Document any errors or warnings for security review
  • Interruption Prevention: Prevent system sleep, hibernation, or interruption
  • Share Creation: Immediately check share creation success after encryption
  • Metadata Recording: Document threshold, total shares, and labels used
  • Output Storage: Verify all expected outputs are created correctly

Post-Encryption Security

Immediate Actions:

  • Test share integrity immediately after creation
  • Verify output file integrity using checksums
  • Document share distribution plan
  • Create secure destruction plan for original file
  • Prepare share distribution materials
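
As an added example covering the file-preparation steps (check integrity, document size and hash, set up an output directory with restrictive permissions) and the post-encryption checksum verification above, the script below writes a sha256sum-compatible manifest and later reports which outputs are intact, altered or missing. It is not Fractum code; the function names, the manifest layout and the constructed sample files in demo() are assumptions for the illustration.

```python
import hashlib
import os
import stat
import tempfile
from datetime import datetime, timezone


def sha256_file(path, chunk_size=1 << 20):
    """Stream the file through SHA-256 so large inputs do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def file_record(path):
    """Metadata worth documenting before encryption: name, size, hash, modification time."""
    st = os.stat(path)
    return {
        "name": os.path.basename(path),
        "size": st.st_size,
        "sha256": sha256_file(path),
        "modified_utc": datetime.fromtimestamp(st.st_mtime, timezone.utc).isoformat(),
    }


def write_manifest(paths, manifest_path):
    """Write 'hash  name' lines in the format that `sha256sum -c` accepts."""
    with open(manifest_path, "w") as m:
        for p in paths:
            m.write(f"{sha256_file(p)}  {os.path.basename(p)}\n")


def verify_manifest(manifest_path, directory):
    """Return {name: 'OK' | 'MISMATCH' | 'MISSING'} for every manifest entry."""
    results = {}
    with open(manifest_path) as m:
        for line in m:
            line = line.rstrip("\n")
            if not line:
                continue
            expected, name = line.split("  ", 1)
            target = os.path.join(directory, name)
            if not os.path.isfile(target):
                results[name] = "MISSING"
            elif sha256_file(target) != expected:
                results[name] = "MISMATCH"
            else:
                results[name] = "OK"
    return results


def make_output_dir(path):
    """Create the share output directory accessible only to the current user (mode 0700)."""
    os.makedirs(path, mode=0o700, exist_ok=True)
    os.chmod(path, stat.S_IRWXU)  # the umask may have widened the mode at creation
    return oct(stat.S_IMODE(os.stat(path).st_mode))


def demo():
    """Constructed sample: two 'share' files and a manifest, then simulated bit-rot and loss."""
    with tempfile.TemporaryDirectory() as tmp:
        out_dir = os.path.join(tmp, "shares")
        mode = make_output_dir(out_dir)
        paths = []
        for i in (1, 2):
            p = os.path.join(out_dir, f"share-{i}.bin")
            with open(p, "wb") as f:
                f.write(b"constructed share data %d" % i)
            paths.append(p)
        record = file_record(paths[0])
        manifest = os.path.join(tmp, "SHA256SUMS")
        write_manifest(paths, manifest)
        before = verify_manifest(manifest, out_dir)
        with open(paths[1], "ab") as f:
            f.write(b"\x00")          # simulate corruption of one output
        os.remove(paths[0])           # simulate a lost output
        after = verify_manifest(manifest, out_dir)
        return {"mode": mode, "record": record, "before": before, "after": after}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Keep the manifest and the metadata record with the recovery documentation rather than next to the shares: a checksum stored beside the file it protects is lost or altered together with it.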

Verification and Testing:

  • Test decryption process with test data (not production shares)
  • Test share accessibility with authorized personnel only
  • Document recovery procedures for future reference
  • Verify custodian contact information and procedures

Share Management Security

Distribution Strategy

Immediate Distribution:

  • Same-day distribution: Don't leave all shares in one location
  • Secure transport: Use trusted couriers or personal delivery
  • Chain of custody: Document share handoffs with receipts/acknowledgments
  • Software Security: Verify all software checksums and digital signatures before use
  • Multiple channels: Use different distribution methods for different shares

Backup and Recovery Planning

Recovery Documentation:

  1. Document your setup:
     • Record your threshold (K) and total shares (N)
     • Document where shares are stored
     • Note any labels or identifiers used

  2. Create clear procedures:
     • Document steps for retrieval of shares
     • Include decryption instructions
     • Specify who has authority to initiate recovery

  3. Test your recovery process:
     • Periodically perform test decryptions with non-sensitive data
     • Update procedures as needed

Long-term Management

Periodic Security Reviews:

  • Custodian status: Regularly check custodian availability and security
  • Storage integrity: Regularly check integrity of Fractum installation
  • Access procedures: Review and update recovery procedures
  • Emergency protocols: Test emergency recovery scenarios
  • Communication security: Establish multi-channel communication for share requests
  • Threat landscape: Monitor for new threats affecting your security model

Installation and Deployment Security

Secure Installation

Source Integrity:

  • Source Authentication: Verify Fractum sources from official repositories
  • Dependency Verification: Verify all dependencies (PyCryptodome, Python version)
  • Installation isolation: Install in clean, isolated environments

Runtime Security:

  • Permission management: Run with minimal necessary privileges
  • Process isolation: Use containers or sandboxes when appropriate
  • Resource limits: Set appropriate memory and disk usage limits
  • Audit logging: Enable security logging where appropriate

Deployment Considerations

Production Environment:

  • Air-gapped deployment: Isolate from internet connectivity during operations
  • Dedicated systems: Use dedicated hardware for sensitive operations
  • Access controls: Implement strict access controls and authentication
  • Physical security: Secure physical access to systems and storage

Advanced Security Considerations

Share Rotation and Renewal

Share rotation mitigates long-term key compromise risks:

Rotation Planning:

  1. Schedule Assessment: Determine appropriate rotation frequency based on threat model
  2. Resource Planning: Ensure availability of custodians for new share distribution
  3. Testing: Verify new shares work correctly before destroying old shares
  4. Secure Destruction: Use cryptographic erasure methods for old shares

Rotation Frequency Guidelines:

  • High-security secrets: Annual or bi-annual rotation
  • Standard business use: Every 2-3 years
  • Personal use: Every 3-5 years or when circumstances change
  • Emergency rotation: Immediately upon suspected compromise

Rotation Procedures:

  1. Decrypt the protected file using existing shares
  2. Re-encrypt using a new key and generate new shares
  3. Securely destroy the old shares
  4. Update all documentation and custodian records

Threat-Specific Mitigations

Physical Threats:

  • Natural disasters: Geographically distributed storage
  • Theft/burglary: Multiple security layers and access controls
  • Surveillance: Operational security during share handling

Digital Threats:

  • Malware: Isolated systems and integrity verification
  • Network attacks: Air-gapped operations
  • Supply chain: Verified software sources and checksums

Social Engineering:

  • Impersonation: Multi-factor authentication for share requests
  • Coercion: Emergency protocols and duress procedures
  • Insider threats: Principle of least privilege and monitoring

Documentation Security

  • Minimal documentation: Record only essential recovery information
  • Secure storage: Protect documentation with same security as shares
  • Access controls: Limit access to recovery documentation
  • Regular updates: Keep procedures current and tested

Regulatory Compliance

Consider applicable regulations:

  • Data protection laws (GDPR, CCPA)
  • Financial regulations (SOX, PCI-DSS)
  • Healthcare standards (HIPAA)
  • Government requirements (FISMA, Common Criteria)

Security Best Practices Summary

  1. Choose appropriate K and N values based on your security vs. recoverability needs
  2. Distribute shares to different locations or custodians
  3. Document the threshold requirements for future recovery
  4. Test the recovery process periodically with non-sensitive test data
  5. Consider periodic share rotation for long-term secrets
  6. Maintain secure records of share locations and custodian contacts
  7. Plan for emergency scenarios and custodian unavailability
  8. Use proper operational security during all encryption/decryption operations

Remember: These practices should be adapted to your specific threat model and risk tolerance. Regular security reviews help ensure continued effectiveness of your Fractum deployment.