Changes between Version 11 and Version 14 of Ticket #1164


Ignore:
Timestamp:
2013-09-11T03:59:56Z (11 years ago)
Author:
zooko
Comment:

Legend:

Unmodified
Added
Removed
Modified

  • Ticket #1164

    • Property Milestone changed from soon to 1.12.0

  • Ticket #1164 – Description

    v11 v14  
    11In order to protect against weaknesses in AES (such as timing or side-channel attacks, or cryptanalysis, possibly far in the future and applied against old ciphertexts), want to use a combined encryption of AES-128 and XSalsa20. Yu Xue (Student) and Jack Lloyd (Mentor) are working on implementing that mode for GSoC 2010:
    22
    3 http://tahoe-lafs.org/trac/pycryptopp/ticket/46
     3[//trac/pycryptopp/ticket/46 https://tahoe-lafs.org/trac/pycryptopp/ticket/46]
    44
    55This ticket is to integrate that encryption mode into Tahoe-LAFS. The steps are to define new capability versions, such as by inserting an {{{X}}} into the cap type designator:
    66
    7 http://tahoe-lafs.org/pipermail/tahoe-dev/2010-August/004878.html
    8 http://tahoe-lafs.org/pipermail/tahoe-dev/2010-August/004879.html
     7[//pipermail/tahoe-dev/2010-August/004878.html https://tahoe-lafs.org/pipermail/tahoe-dev/2010-August/004878.html]
     8[//pipermail/tahoe-dev/2010-August/004879.html https://tahoe-lafs.org/pipermail/tahoe-dev/2010-August/004879.html]
    99
    1010And to make it so that caps of that new type get encrypted/decrypted with XSalsa20+AES-128 instead of with AES-256. For the first release of Tahoe-LAFS which includes that functionality, it will still by default create new caps using the old encryption of only AES-256. It is important that people feel free to upgrade to new versions of Tahoe-LAFS without having to take any steps to ensure backward-compatibility, and that means that the new version of Tahoe-LAFS ''must not'', by default, produce caps that older versions of Tahoe-LAFS (such as v1.8.0) can't read.
    1111
    12 [http://tahoe-lafs.org/pipermail/tahoe-dev/2010-August/004936.html This tahoe-dev letter] lists all the places where the current source code (which is Tahoe-LAFS v1.8.0c1) uses encryption:
     12[//pipermail/tahoe-dev/2010-August/004936.html This tahoe-dev letter] lists all the places where the current source code (which is Tahoe-LAFS v1.8.0c1) uses encryption:
    1313 * [source:src/allmydata/dirnode.py@4539#L174]
    1414 * [source:src/allmydata/dirnode.py@4539#L293]