#722 closed defect (fixed)
don't give Helper access to plaintext hashes
| Reported by: | warner | Owned by: | |
|---|---|---|---|
| Priority: | major | Milestone: | 1.5.0 |
| Component: | code-encoding | Version: | 1.4.1 |
| Keywords: | confidentiality | Cc: | |
| Launchpad Bug: |
Description
While examining the helper protocol today, I realized that we're still allowing the helper to ask for the plaintext hashes, even though these were generally removed from the upload process back in 7996131a0aa0b55c and db566db31a66e076 in association with the #365 partial-information-guessing attack. (we only removed the code which uploads the plaintext hashes, but left the code which generates them, and the Helper has access to remote methods which can be used to retrieve them).
This means that the helper can perform a partial-information-guessing attack against the client. There are other things the helper can do that we'd prefer it couldn't (specifically uploading the wrong ciphertext), but those are an integrity attack. This is a confidentiality attack.
The fix will be to remove remote_get_plaintext_hashtree_leaves and remote_get_plaintext_hash from upload.RemoteEncryptedUploadable. I don't think there will be any ill-effects, except for a new client which tries to use a very old (pre-1.0) helper, which will fail.
At some point, #453 will prompt us to add new methods to fulfill the same goal safely, probably named something like remote_get_encrypted_plaintext_hash.
Change History (2)
comment:1 Changed at 2009-06-01T23:30:26Z by warner
- Resolution set to fixed
- Status changed from new to closed
comment:2 Changed at 2009-11-22T06:38:54Z by davidsarah
- Keywords confidentiality added
(I'm looking at old attacks to see what can be learnt from them, and fixing the keywords helps to make them searchable.)
Done, in 4177a3616b6f887c.