Changes between Version 11 and Version 14 of Ticket #1164
- Timestamp:
- 2013-09-11T03:59:56Z (11 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #1164
- Property Milestone changed from soon to 1.12.0
-
Ticket #1164 – Description
v11 v14 1 1 In order to protect against weaknesses in AES (such as timing or side-channel attacks, or cryptanalysis, possibly far in the future and applied against old ciphertexts), want to use a combined encryption of AES-128 and XSalsa20. Yu Xue (Student) and Jack Lloyd (Mentor) are working on implementing that mode for GSoC 2010: 2 2 3 http://tahoe-lafs.org/trac/pycryptopp/ticket/46 3 [//trac/pycryptopp/ticket/46 https://tahoe-lafs.org/trac/pycryptopp/ticket/46] 4 4 5 5 This ticket is to integrate that encryption mode into Tahoe-LAFS. The steps are to define new capability versions, such as by inserting an {{{X}}} into the cap type designator: 6 6 7 http://tahoe-lafs.org/pipermail/tahoe-dev/2010-August/004878.html 8 http://tahoe-lafs.org/pipermail/tahoe-dev/2010-August/004879.html 7 [//pipermail/tahoe-dev/2010-August/004878.html https://tahoe-lafs.org/pipermail/tahoe-dev/2010-August/004878.html] 8 [//pipermail/tahoe-dev/2010-August/004879.html https://tahoe-lafs.org/pipermail/tahoe-dev/2010-August/004879.html] 9 9 10 10 And to make it so that caps of that new type get encrypted/decrypted with XSalsa20+AES-128 instead of with AES-256. For the first release of Tahoe-LAFS which includes that functionality, it will still by default create new caps using the old encryption of only AES-256. It is important that people feel free to upgrade to new versions of Tahoe-LAFS without having to take any steps to ensure backward-compatibility, and that means that the new version of Tahoe-LAFS ''must not'', by default, produce caps that older versions of Tahoe-LAFS (such as v1.8.0) can't read. 11 11 12 [ http://tahoe-lafs.org/pipermail/tahoe-dev/2010-August/004936.html This tahoe-dev letter] lists all the places where the current source code (which is Tahoe-LAFS v1.8.0c1) uses encryption:12 [//pipermail/tahoe-dev/2010-August/004936.html This tahoe-dev letter] lists all the places where the current source code (which is Tahoe-LAFS v1.8.0c1) uses encryption: 13 13 * [source:src/allmydata/dirnode.py@4539#L174] 14 14 * [source:src/allmydata/dirnode.py@4539#L293]