[tahoe-lafs-trac-stream] [tahoe-lafs] #1374: "walk through" or guide for people who want to read some code
tahoe-lafs
trac at tahoe-lafs.org
Sat Mar 5 13:49:33 PST 2011
#1374: "walk through" or guide for people who want to read some code
-----------------------------+----------------------------------------------
     Reporter:  zooko        |       Owner:  nobody
         Type:  enhancement  |      Status:  new
     Priority:  major        |   Milestone:  undecided
    Component:  unknown      |     Version:  1.8.2
   Resolution:               |    Keywords:  docs
Launchpad Bug:               |
-----------------------------+----------------------------------------------
Comment (by riastradh):
Three random notes:

1. The Tarsnap nonce reuse bug violated the security model, but not every
part of it: it didn't expose any plaintext to eavesdroppers or men in the
middle on the network, for example, or the plaintext of one user to
another user. If Amazon had known plaintexts, then the bug exposed more
plaintext to Amazon if it was uploaded in the same session as but in
separate files from the known plaintext. (Bad? Yes. Exposure of all
plaintext of all users? A little overstated.)

2. The sort of `semantic density' of Python code is higher than that of C
code, and Python is much harder to cross-reference than C, so twenty
thousand lines of Python is generally going to take me much longer to read
and digest than twenty thousand lines of C.

3. The structure of Tarsnap is not quite analogous to that of Tahoe-LAFS:
while the Tahoe `client' (implementing the `tahoe cp' &c. commands) is
mostly a trivial shim that just talks HTTP to a local server, the Tarsnap
client also handles all the chunkification, encryption, &c. This
difference matters: I want to be able to ask, `What does Amazon get to
see?', and I can find the answer for Tarsnap in the client source code
users receive, but I don't think the answer for Tahoe-LAFS lies in
src/allmydata/scripts/.
--
Ticket URL: <http://tahoe-lafs.org/trac/tahoe-lafs/ticket/1374#comment:6>
tahoe-lafs <http://tahoe-lafs.org>
secure decentralized storage