Changes between Version 51 and Version 52 of NewCaps/WhatCouldGoWrong


Timestamp:
2009-10-21T01:29:34Z (15 years ago)
Author:
davidsarah
Comment:

actually #3 does *not* depend on one-wayness of hash_r because R has the same secrecy as K1. But it does depend on resistance to attack #2

  • NewCaps/WhatCouldGoWrong

    v51 v52  
    99||3||forgery of immutable file||generate a matching read-cap (''R'',''T'') for someone else's file||anyone||any one file||the hash function's and cap format's second-preimage resistance on (''R'',''T''). This also depends on the encryption of ''K1'' being deterministic and correct, and on the suitability of hash_''r'' as a KDF.||(''p''/''N'').2^''r''+''t''^ [footnotes 5,8]||
    1010||4||roadblock or speedbump [footnote 2]||generate (''EncK1'',''Dhash'',''V'') that hash to someone else's ''T'', and copy their ''S''||anyone [footnote 6]||any one file||the hash function's and cap format's second-preimage resistance on ''T''||(''p''/''N'').2^''t''^||
    11 ||5||unauthorized read||attack the encryption of the plaintext with ''K1''||anyone||any one file||the security of the encryption scheme used for the plaintext, and the secrecy of the encryption key ''K1''. The latter also depends on the security and seeding of the RNG that generated it, and the one-wayness of hash_''r''.||''p''.2^''k''^||
     11||5||unauthorized read||attack the encryption of the plaintext with ''K1''||anyone||any one file||the security of the encryption scheme used for the plaintext, and the secrecy of the encryption key ''K1''. The latter also depends on the security and seeding of the RNG that generated it, and on resistance to attack #2.||''p''.2^''k''^||
    1212||6||unauthorized read||figure out the input to the hash function that generates ''S''||anyone||any one file||the hash function's onewayness for (''R'',''T'') -> ''S''||brute force on ''R'' is !#2||
    1313||7||unauthorized deletion||figure out a working destroy-key ''KD'' for a given ''Dhash''||anyone||any one file||the hash function's preimage resistance on ''Dhash'' and the secrecy of ''KD''||(''p''/''N'').2^min(''d'',''dh'')^||
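Review bot: The edit comment says the reasoning applies to #3, but the row that changed is numbered 5 (the "unauthorized read" row about attacking the encryption with ''K1''), and row 3's dependency text ("the suitability of hash_''r'' as a KDF") is unchanged; confirm the comment means row 5, or apply the matching change to row 3 if that was intended. In the same added row 5, "resistance to attack #2" is written without the "!" escape that row 6 uses in "brute force on ''R'' is !#2", so Trac will render it as a link to ticket 2; suggest "resistance to attack !#2" for consistency.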