Changes between Version 38 and Version 39 of NewCaps/WhatCouldGoWrong


Ignore:
Timestamp:
2009-10-11T16:14:05Z (15 years ago)
Author:
davidsarah
Comment:

#7 and #8 are really the same attack; merge and renumber

Legend:

Unmodified
Added
Removed
Modified

  • NewCaps/WhatCouldGoWrong

    v38 v39  
    99||5||unauthorized read||attack the encryption of the plaintext with ''K1''||anyone||any one file||the security of the encryption scheme used for the plaintext, and the secrecy of the encryption key ''K1''. The latter also depends on the security and seeding of the RNG that generated it.||''p''.2^''k''^||
    1010||6||unauthorized read||figure out the input to the hash function that generates ''S''||anyone||any one file||the hash function's onewayness for (''R'',''T'') -> ''S''||brute force on ''R'' is !#2||
    11 ||7||unauthorized deletion||brute force KD||anyone||any one file||the hash function's onewayness for ''KD'' -> ''Dhash'' and the secrecy of ''KD''||''p''/''N''.2^''d''^||
    12 ||8||unauthorized deletion||figure out a working destroy key KD from Dhash||anyone||any one file||the hash function's preimage resistance on ''Dhash''||''p''/''N''.2^min(''d'',''dh'')^||
     11||7||unauthorized deletion||figure out a working destroy-key ''KD'' for a given ''Dhash''||anyone||any one file||the hash function's preimage resistance on ''Dhash'' and the secrecy of ''KD''||''p''/''N''.2^min(''d'',''dh'')^||
     12||8||accidental collision||storage indices (''S1'',''T1'') and (''S2'',''T2'') collide accidentally||not applicable||any two files||approximately random distribution of hash function outputs||[footnote 4]||
    1313||9||denial of service||prevent access to servers holding sufficient shares (by controlling some of them, or by attacking them or the network)||anyone||any file||not prevented by crypto||not applicable||
    1414||10||cause invalid share to verify||generate (''K1enc'',''Dhash'',''V'') that hash to someone else's (''T'',''U''), and copy their ''S''||anyone||any one file||the hash function's second-preimage resistance on (''T'',''U'')||''p''/''N''.2^''t''+''u''^ [footnote 5]||
    1515||11||undeletion [footnote 3]||restore a deleted file's shares by controlling the relevant servers||anyone||any one file||not prevented by crypto||not applicable||
    1616||12||undeletion [footnote 3]||generate matching (''R'',''T'',''U'') for a deleted file||anyone||any one file||the hash function's and cap format's second-preimage resistance on (''R'',''T'',''U'')||''p''/''N''.2^''r''+''t''+''u''^ [footnote 5]||
    17 ||13||accidental collision||storage indices (''S1'',''T1'') and (''S2'',''T2'') collide accidentally||not applicable||any two files||approximately random distribution of hash function outputs||[footnote 4]||
    1817
    1918where ''k'' = bitlength(''K1''), ''r'' = bitlength(''R''), ''s'' = bitlength(''S''), ''t'' = bitlength(''T''), ''u'' = bitlength(''U''), ''d'' = bitlength(''KD''), ''dh'' = bitlength(''Dhash'').