Changes between Version 11 and Version 12 of NewCaps/WhatCouldGoWrong
- Timestamp: 2009-10-11T01:54:32Z
NewCaps/WhatCouldGoWrong
v11 v12 1 1 This is about What Could Go Wrong with the "Elk Point 2" immutable file caps: http://jacaranda.org/tahoe/immutable-elkpoint-2.svg 2 2 3 ||#||''what bad thing could happen''||''how''||''who could do it''||''what could they target''||''what crypto property prevents it''||''how expensive to brute force'' ||3 ||#||''what bad thing could happen''||''how''||''who could do it''||''what could they target''||''what crypto property prevents it''||''how expensive to brute force'' [footnote 5]|| 4 4 ||1||shape-shifter immutable file [footnote 1]||collide read-cap (''R'',''T'')||creator of a file||their own file||the hash function's and cap format's collision resistance on the read-cap (''R'',''T''). This also depends on the encryption of ''K1'' being deterministic and correct.||2^(''n''+''t'')/2^|| 5 5 ||2||unauthorized read||attack the encryption of ''K1'' with ''R''||anyone||any one file||the cipher's security and the secrecy of the read-key ''R''||2^''n''^|| … … 14 14 ||11||undeletion [footnote 3]||restore a deleted file's shares by controlling the relevant servers||anyone||any one file||not prevented by crypto||n/a|| 15 15 ||12||undeletion [footnote 3]||generate matching (''R'',''T'',''U'') for a deleted file||anyone||any one file||the hash function's and cap format's second-pre-image resistance on (''R'',''T'',''U'')||2^''n''+''t''+''u''^|| 16 ||13||accidental collision||storage indices (''S1'',''T1'') and (''S2'',''T2'') collide accidentally||n/a||any two files||approximately random distribution of hash function outputs||[footnote 4]|| 16 17 17 18 where ''k'' = bitlength(''K1''), ''n'' = bitlength(''R''), ''t'' = bitlength(''T''), ''u'' = bitlength(''U''), ''d'' = bitlength(''KD''). … … 23 24 3. ''undeletion'': attacker makes a deleted file (for which it need not have had a read cap) accessible at its previous storage index, and readable by previous read caps 24 25 26 4. See the probability table at http://en.wikipedia.org/wiki/Birthday_Paradox . 27 28 5. 
Brute force costs assume a single-target attack that is expected to succeed with high probability. Costs will be lower for attacking multiple targets or for a lower success probability. (Should we give give explicit formulae for this?) 29 30 25 31 http://allmydata.org/pipermail/tahoe-dev/2009-October/002959.html
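Review bot: new row 13 gives its cost only as "[footnote 4]", and footnote 4 is a bare link to the Wikipedia birthday-paradox table, so this row is the only one whose cost is not stated in the page's own variables. The legend line under the table defines ''k'', ''n'', ''t'', ''u'' and ''d'' but, in the lines shown, no bit length for the storage index ''S'' that row 13 depends on. Suggest defining ''s'' = bitlength(''S'') there and stating the accidental-collision probability directly, for example roughly N^2 / 2^(s+t+1) for N stored files under the row's own assumption of approximately random hash outputs, keeping the link as a supporting reference.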
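Review bot: footnote 5 contains a doubled word ("give give") and leaves an open editorial question, "(Should we give give explicit formulae for this?)", in the published text. Suggest fixing the typo and moving the question to tahoe-dev, or answering it in place. The footnote also leaves "high probability" unquantified, so a reader cannot tell which success probability the figures in the cost column assume. Since the "[footnote 5]" marker sits on the column header, it reads as applying to row 13 as well, which is an accidental event rather than a brute-force attack; a short exclusion in the footnote would avoid that.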