[tahoe-dev] [tahoe-lafs] #722: don't give Helper access to plaintext hashes

tahoe-lafs trac at allmydata.org
Sun May 31 12:29:45 PDT 2009


#722: don't give Helper access to plaintext hashes
---------------------------+------------------------------------------------
 Reporter:  warner         |           Owner:       
     Type:  defect         |          Status:  new  
 Priority:  major          |       Milestone:  1.5.0
Component:  code-encoding  |         Version:  1.4.1
 Keywords:                 |   Launchpad_bug:       
---------------------------+------------------------------------------------
 While examining the helper protocol today, I realized that we're still
 allowing the helper to ask for the plaintext hashes, even though these
 were generally removed from the upload process back in [2331] and [3286]
 in association with the #365 partial-information-guessing attack. (we only
 removed the code which uploads the plaintext hashes, but left the code
 which generates them, and the Helper has access to remote methods which
 can be used to retrieve them).

 This means that the helper can perform a partial-information-guessing
 attack against the client. There are other things the helper can do that
 we'd prefer it couldn't (specifically uploading the wrong ciphertext), but
 those are an integrity attack. This is a confidentiality attack.

 The fix will be to remove {{{remote_get_plaintext_hashtree_leaves}}} and
 {{{remote_get_plaintext_hash}}} from
 {{{upload.RemoteEncryptedUploadable}}}. I don't think there will be any
 ill-effects, except for a new client which tries to use a very old
 (pre-1.0) helper, which will fail.

 At some point, #453 will prompt us to add new methods to fulfill the same
 goal safely, probably named something like
 {{{remote_get_encrypted_plaintext_hash}}}.

-- 
Ticket URL: <http://allmydata.org/trac/tahoe/ticket/722>
tahoe-lafs <http://allmydata.org>
secure decentralized file storage grid


More information about the tahoe-dev mailing list