[tahoe-dev] 100 year crypto notes

coderman coderman at gmail.com
Sun May 30 14:51:11 PDT 2010


regards Zooko!

i'm enjoying my test tahoe environment and hope to have some mobile
benchmarks and offload improvements soon. (at least for sha256)

thanks for the clarification,


On Sun, May 30, 2010 at 1:42 PM, Zooko O'Whielacronx <zookog at gmail.com> wrote:
> We don't need symmetric authentication...
> Instead we need one of two things:
>  * for immutable files, we need one-time immutable authentication...
>  * for mutable files, we need the digital signature property

got it :)


> Wouldn't AES-256 arguable be better than AES-128 anyway, with standard
> AES-256 (i.e. with 14 rounds)?

i should clarify, with an added caveat that i don't yet understand all
of your use cases and threat model, so ...

given that AES 128 has 10 rounds and AES 256 has 14 rounds, it is
arguably better than AES 128.

however, since you're usually using AES 256 with expectations on key
strength beyond what AES 128 implies, adding only 4 rounds for this
adjustment seems less than conservative.


> The only known problems with AES-256 are related key problems, which
> we always completely avoid because we use strong independent keys that
> an attacker can't influence.

excellent.


>> future resistant signatures / asymmetric crypto are Hard (tm). will be
>> curious to see how that's addressed...
>
> David-Sarah has a brilliant idea about Merkle Signatures based on hash
> functions. However, David-Sarah and I have a mutual agreement not to
> explore awesome new crypto ideas until we finish releasing Tahoe-LAFS
> v1.7. :-)

sounds reasonable, even if it means i must be patient. :)

