[tahoe-dev] Choice of tree-hash
Tony Arcieri
tony.arcieri at gmail.com
Mon Sep 24 21:40:36 UTC 2012
On Mon, Sep 24, 2012 at 1:35 PM, David-Sarah Hopwood <david-sarah at jacaranda.org> wrote:
> Integrity checking using a hash of the ciphertext relies on the decryption
> being correct.
I'm a bit confused by this: if the decryption is incorrect, hasn't
integrity been violated?
Is the goal to detect a bad decrypt (due to software bugs) versus
transmission/storage error? If so, seems good to me.
> The current Tahoe design allows random keys. It doesn't require any extra
> field in the capability. There's just no UI to enable it at the moment.
Would you use an authenticated encryption mode in this case? I am relying
on HKDF(plaintext, IV || empty string) as my "MAC" to determine the
authenticity of content.
--
Tony Arcieri