Changes between Version 5 and Version 13 of Ticket #2018


Ignore:
Timestamp:
2014-02-10T04:04:00Z (8 years ago)
Author:
zooko
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #2018

    • Property Owner set to nejucomo
    • Property Keywords research added
    • Property Cc nejucomo@… added
  • Ticket #2018 – Description

    v5 v13  
    33I propose that LAFS automatically add a randomized number of padding bytes to files when encrypting. Concretely, how about something like this. With {{{F}}} as the file size in bytes,
    44
    5 1. Let the "max padding", {{{X}}}, be {{{32 * log₂(F)}}}, rounded up to the nearest multiple of 32.
     51. Let the "max padding", {{{X}}}, be {{{32*ceil(log₂(F))}}}.
    66
    7 2. Choose a number of padding bytes, {{{P}}}, evenly from {{{[0..X)}}} as determined by the encryption key. ''Note: this is important that the number is deterministic from the key, so that multiple encryptions of the same-keyed file will not pick different random numbers and allow an attacker to statistically observe the padding's size.''
     72. Choose a number of padding bytes, {{{P}}}, evenly from {{{[0..X)}}} as determined by the encryption key. ''Note: this is important that the number is deterministic from the key, so that multiple encryptions of the same-keyed file will not pick different random numbers and allow an attacker to statistically observe the padding's size.'' Be sure the pad length gets derived from the key via a strongly one-way path.
    88
    993. Append {{{P}}} bytes of padding (0 bytes) to the plaintext before encryption. (This does not affect how the key is derived from the plaintext in the case of convergent encryption.)