[tahoe-dev] Choice of tree-hash
CodesInChaos
codesinchaos at gmail.com
Mon Sep 24 19:31:35 UTC 2012
On Mon, Sep 24, 2012 at 6:59 PM, Yaverot <Yaverot at computermail.net> wrote:
> A key part of Tahoe is that if someone else sticks the Avengers movie that comes out tomorrow on my server, I have no knowledge or access to it. So $BigCompany can't just MD5(avengers movie) and then sue me into oblivion for "distributing" it. You're probably fine to backup Windows 7, but if it lands on my server... I don't have a Win7 license.
>
> Like I started with, I'm probably hearing the worst possible interpretation of what you meant to say.
This plaintext hash would be stored in a place only accessible to
people who hold the read cap. Probably encrypted with the read-key in
the UEB. This means if a non trivial convergence secret was used, no
confirmation attack is possible for people who don't know that key. If
no convergence secret is used, this attack will be possible, but
that's already the case. So doesn't reduce security.
-------
Currently there is one significant leak left: The exact size of the
file is visible to parties without read-cap. There won't be that many
large files with a specific size, giving a good indication what a file
might be. But I'm sure the new design will have padding to reduce the
effect of that leak. So the new design should be more secure than the
current regarding confirmation attacks.
More information about the tahoe-dev
mailing list