[tahoe-dev] usage of key file or smart card?
David-Sarah Hopwood
david-sarah at jacaranda.org
Sat Nov 21 22:20:47 PST 2009
[Sorry if this is a duplicate post.]
Stefan Xenon wrote:
> Hi!
> Thanks for explaining the security mechanism. I am new to Tahoe and
> tried it out in the meanwhile. In deed you are right that no passphrases
> are used.
>
> What I understood is that the confidentiality relies on the caps. Let's
> assume my storage provider wants to read my data and therefore tries to
> crack it. By brute force he tries all possible caps, so all possible
> keys on a specific file. Please correct me if I am wrong.
>
> What I did not understood yet is how strong the key length is. I read
> that AES-128 is used but I am not sure if the key length is really 128
> bit or if it is reduced to keep the cap's length usable (for URL).
It is really 128-bit. In the case of mutable files, the security also
depends on an asymmetric signature scheme, which is currently 2048-bit
RSA (but may change to ECDSA).
The cap URLs are quite long at the moment, and the symmetric key is not
the dominant contributor to their length. A typical current URL looks like:
URI:DIR2-RO:j74uhg25nwdpjpacl6rkat2yhm:kav7ijeft5h7r7rxdp5bgtlt3viv32yabqajkrdykozia5544jqa/file.html
(This doesn't include a gateway server, i.e. it shows roughly what the
length might be if web browsers directly supported Tahoe URLs using the
existing crypto protocol. It is for a named file within a directory,
rather than a direct cap to a file, which would omit the "/file.html".)
There are plans to change the protocol to support shorter URLs and
additional features, but I think it's very unlikely that we would
reduce the encryption key length to less than 128 bits. If the protocols
that are currently being considered pan out, then the URL length might be
shortened to something like this, still with 128-bit encryption:
lafs://DR-3AeIEJs52QXFMGYqalmuxSYx0rXDp/file.html
(Technical details: this is roughly the expected length for an URL to
a named file in a mutable read-only directory, using any version of the
"Elk Point" proposal with parameters r = 128, t = 50, and base-62 encoding.)
--
David-Sarah Hopwood ⚥ http://davidsarah.livejournal.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 292 bytes
Desc: OpenPGP digital signature
Url : http://allmydata.org/pipermail/tahoe-dev/attachments/20091122/822b5e82/attachment.pgp
More information about the tahoe-dev
mailing list