On Jul 26, 2009, at 12:11 AM, james hughes wrote:

On Jul 24, 2009, at 9:33 PM, Zooko Wilcox-O'Hearn wrote:

[cross-posted to tahoe-...@allmydata.org and cryptography@metzdowd.com ]

Disclosure: Cleversafe is to some degree a competitor of my Tahoe- LAFS project.
I am tempted to ignore this idea that they are pushing about encryption being overrated, because they are wrong and it is embarassing.

The trick is cute, but I argue largely irrelevant. Follows is a response to this web page that can probably be broadened to be a criticism of any system that claims security and also claims that key management of some sort is not a necessary evil....
It seems to me there's a much simpler critique. The Cleversafe approach - which is not without its nice points - solves the "key management problem" in exactly the same way that some version of Windows solved the "frequent General Protection Fault crashes" problem (by eliminating the error message).

The "key management problem" comes down to: I have encrypted data stored somewhere (where we assume attackers can access it, but not make use of it without the key). To make that data meaningful, I need to be able to locate the key appropriate to that data. What's a key? It's some private information. In Cleversafe's approach, I have data stored in pieces all over the place. To get at it, I need to know where the pieces of some data are. That information has to be secret, since anyone who has access to it can do the same computation and recover the data just as I can.

Alternatively, I can rely not on the secrecy of that information, but on the discretion of those who hold the pieces. OK, but I could have done that with a simpler technique: Encrypt the data conventionally, then split the key among the trusted holders. That's a tiny, and more to the point, *fixed* overhead beyond the size of the data, which will always beat the cleverest Reed-Solomon or erasure coding. (It also has - if I use an appropriate mode - such nice features as random access to small parts of the data without the need to decrypt the whole thing first.)

Granted, Cleversafe has other nice features. But other than changing "the key management problem" to "the secret information needed to get at the data, which won't be used as a crypto key" problem, I don't see how they've actually *solved* anything.

Further: If I'm only encrypting stuff for myself, there's little reason to use multiple keys. The key management problem becomes interesting when there is different encrypted data with different access rights for different groups of users. It's beyond me how Cleversafe's approach makes this easier - or harder.
                                                        -- Jerry

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com

Reply via email to