Michael Rogers <m.rogers at cs.ucl.ac.uk> wrote:
> Strictly speaking it's true that obfuscating the store prevents an attacker
> from enumerating the keys it contains, but that's not really relevant
> because the attacker doesn't want a list of the keys in the store - they
> want to know whether certain keys are in the store. If I can find that out
> by starting the node without entering a passphrase then so can they.

An explicit list of the keys in the store does provide extra value for
the attacker over having an oracle that says whether or not a given
key is in the store.  The attacker can use it to view the entire
plaintext contents of the store.  It's the same as the difference
between 'r' and 'x' permission on a directory.

theo
