Changes between Version 57 and Version 58 of NewCaps/WhatCouldGoWrong


Timestamp: 2013-01-14T02:27:59Z (11 years ago)
Author: zooko
Comment: https, when available

  • NewCaps/WhatCouldGoWrong

    v57 v58  
    31313. ''undeletion'': attacker makes a deleted file (for which it need not have had a read cap) accessible at its previous storage index, and readable by previous read caps
    3232
    33 4. See the probability table at http://en.wikipedia.org/wiki/Birthday_Attack . The effective hash length is approximately min(''s'',''r'')+''t'' bits.
     334. See the probability table at https://en.wikipedia.org/wiki/Birthday_attack . The effective hash length is approximately min(''s'',''r'')+''t'' bits.
    3434
    35 5. On Merkle-Damgård hashes with an internal state that is the same size as the hash output (like SHA-256), there are better second-preimage attacks than brute force. See http://www.schneier.com/paper-preimages.pdf . The doubled "SHA-256d" construction used by Tahoe does not help here. This is not significant for roadblock/speedbump attacks because the internal state will be much larger than ''t'' bits, but it is significant for the other second-preimage attacks.
     355. On Merkle-Damgård hashes with an internal state that is the same size as the hash output (like SHA-256), there are better second-preimage attacks than brute force. See https://www.schneier.com/paper-preimages.pdf . The doubled "SHA-256d" construction used by Tahoe does not help here. This is not significant for roadblock/speedbump attacks because the internal state will be much larger than ''t'' bits, but it is significant for the other second-preimage attacks.
    3636
    37376. ''roadblock''/''speedbump'' attacks could be restricted to holders of a read cap by use of an extra signature, as in the Elk Point 3 design (diagram at http://jacaranda.org/tahoe/mutable-addonly-elkpoint-3.svg for mutable files).
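
Review bot: In item 4 the link changes in two ways, not only in its scheme: the path goes from Birthday_Attack to Birthday_attack, which the comment "https, when available" does not cover. Mention the path change in the comment so it is not read as an accidental edit. In the unchanged context, item 6 still points at http://jacaranda.org/tahoe/mutable-addonly-elkpoint-3.svg; if that host serves https, switch it in this same change, and if it does not, the line is consistent with "when available" and can stay.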