Context Navigation

Changes between Version 17 and Version 18 of NewCaps/WhatCouldGoWrong

Timestamp:: 2009-10-11T02:27:40Z (15 years ago)
Author:: davidsarah
Comment:: attack #4 depends on second-preimage resistance, not collision resistance

v17	v18
5	5	\|\|2\|\|unauthorized read\|\|attack the encryption of ''K1'' with ''R''\|\|anyone\|\|any one file\|\|the security of the encryption scheme used for ''K1'', and the secrecy of the read-key ''R''\|\|2^min(''n'',''k'')^\|\|
6	6	\|\|3\|\|forgery of immutable file\|\|generate a matching read-cap (''R'',''T'') for someone else's file\|\|anyone\|\|any one file\|\|the hash function's and cap format's second-pre-image resistance on (''R'',''T''). This also depends on the encryption of ''K1'' being deterministic and correct.\|\|2^''n''+''t''^\|\|
7		\|\|4\|\|roadblock or speedbump [footnote 2]\|\|generate (''K1enc'',''Dhash'',''V'') that hash to someone else's ''T'', and copy their ''S''\|\|anyone\|\|any one file\|\|the hash function's and cap format's ~~collision~~ resistance on ''T''\|\|2^''t''^\|\|
	7	\|\|4\|\|roadblock or speedbump [footnote 2]\|\|generate (''K1enc'',''Dhash'',''V'') that hash to someone else's ''T'', and copy their ''S''\|\|anyone\|\|any one file\|\|the hash function's and cap format's second-preimage resistance on ''T''\|\|2^''t''^\|\|
8	8	\|\|5\|\|unauthorized read\|\|attack the encryption of the plaintext with ''K1''\|\|anyone\|\|any one file\|\|the security of the encryption scheme used for the plaintext, and the secrecy of the encryption key ''K1''. The latter also depends on the security and seeding of the RNG that generated it.\|\|2^''k''^\|\|
9	9	\|\|6\|\|unauthorized read\|\|figure out the input to the hash function that generates ''S''\|\|anyone\|\|any one file\|\|the hash function's pre-image resistance on ''S''\|\|brute force on ''R'' is !#2\|\|

v17	v18
5	5	\|\|2\|\|unauthorized read\|\|attack the encryption of ''K1'' with ''R''\|\|anyone\|\|any one file\|\|the security of the encryption scheme used for ''K1'', and the secrecy of the read-key ''R''\|\|2^min(''n'',''k'')^\|\|
6	6	\|\|3\|\|forgery of immutable file\|\|generate a matching read-cap (''R'',''T'') for someone else's file\|\|anyone\|\|any one file\|\|the hash function's and cap format's second-pre-image resistance on (''R'',''T''). This also depends on the encryption of ''K1'' being deterministic and correct.\|\|2^''n''+''t''^\|\|
7		\|\|4\|\|roadblock or speedbump [footnote 2]\|\|generate (''K1enc'',''Dhash'',''V'') that hash to someone else's ''T'', and copy their ''S''\|\|anyone\|\|any one file\|\|the hash function's and cap format's ~~collision~~ resistance on ''T''\|\|2^''t''^\|\|
	7	\|\|4\|\|roadblock or speedbump [footnote 2]\|\|generate (''K1enc'',''Dhash'',''V'') that hash to someone else's ''T'', and copy their ''S''\|\|anyone\|\|any one file\|\|the hash function's and cap format's second-preimage resistance on ''T''\|\|2^''t''^\|\|
8	8	\|\|5\|\|unauthorized read\|\|attack the encryption of the plaintext with ''K1''\|\|anyone\|\|any one file\|\|the security of the encryption scheme used for the plaintext, and the secrecy of the encryption key ''K1''. The latter also depends on the security and seeding of the RNG that generated it.\|\|2^''k''^\|\|
9	9	\|\|6\|\|unauthorized read\|\|figure out the input to the hash function that generates ''S''\|\|anyone\|\|any one file\|\|the hash function's pre-image resistance on ''S''\|\|brute force on ''R'' is !#2\|\|