in the past i've pondered, in my crypto-naive way, if it might be possible to make venti (or at least vac) somewhat more secure by applying some kind of crypto to the data structures containing scores.
to my mind, the biggest security vulnerability in venti is the ability to unconditionally enumerate an entire file tree given its root score. if the VtPointer data structures, or the scores within them, were encrypted somehow, maybe that vulnerability could be mitigated. scores would still be useful, but only in conjunction with a (salted) key. of course, this would mean that pointer blocks would no longer be shared between file trees, but it's my suspicion that they don't use a significant percentage of overall storage. this wouldn't require a change to venti itself. but as i said, i'm naive when it comes to crypto; maybe there's no way of doing this with any decent degree of security or usefulness. 2009/2/3 erik quanstrom <quans...@quanstro.net>: >> >> I'm not sure how you'd fix this. What if only a portion of the block >> >> belongs to me and the other happens to be the password file? >> > >> > venti just stores whole blocks. >> >> Yes, but the content isn't guaranteed to be from a single user. In >> fact, venti has no clue. Change that and it's not venti anymore. > > exactly. but it's important to note that it's crypto hard to guess > somebody else's block. since blocks are addressed by content, you > can't share a block with someone else unless both of you stored > the same block. now if you are worried about libventi blocks with > pointers to other blocks, the same logic applies. venti really doesn't > care what you store. > > - erik > >
