On Mar 31, 2008, at 4:47 AM, Ivan Krstić wrote:
Tahoe doesn't run this service either. I can't use it to make guesses
at any of the values you mentioned. I can use it to make guesses at
whole documents incorporating such values, which is in most cases a
highly non-trivial distinction.
The way
On Mar 31, 2008, at 6:44 AM, James A. Donald wrote:
Better still, have a limited supply of tickets that enable one to
construct the convergence key. Enough tickets for all normal usage,
but not enough to perform an exhaustive search. [...]
If you give the ticket issuing computers an ellipt
On Mar 30, 2008, at 9:37 PM, zooko wrote:
You can store your True Name, credit card number, bank
account number, mother's maiden name, and so forth, on the same
server as your password, but you don't have to worry about using
salts or key strengthening on those latter secrets, because the
server
Ivan Krsti? wrote:
1. take partially known plaintext
2. make a guess, randomly or more intelligently where possible,
about the unknown parts
3. take the current integrated partial+guessed plaintext, hash
to obtain convergence key
4. verify whether that key exists in the storage index
5. if
Hi,
Sorry for arriving late into this thread...
zooko <[EMAIL PROTECTED]> writes:
>The Learn-Partial-Information Attack
>
> They extended the confirmation-of-a-file attack into the
> learn-partial-information attack. In this new attack, the
> attacker learns some information from
zooko wrote:
Think of it like this:
Passwords are susceptible to brute-force and/or dictionary attack.
We can't, in general, prevent attackers from trying guesses at our
passwords without also preventing users from using them, so instead
we employ various techniques:
* salts (to break
On Sun, Mar 30, 2008 at 05:13:07PM -0400, Ivan Krsti?? wrote:
> That's a brute force search. If your convergence key, instead of being
> a simple file hash, is obtained through a deterministic but
> computationally expensive function such as PBKDF2 (or the OpenBSD
> bcrypt, etc), then step 3
[This conversation is spanning three mailing lists --
cryptography@metzdowd.com, [EMAIL PROTECTED], and tahoe-
[EMAIL PROTECTED] . Some of the posts have not reached all three of
those lists. I've manually added Jerry Leichter and Ivan Krstić to
the approved-senders set for p2p-hackers and
On Mar 30, 2008, at 3:12 PM, Leichter, Jerry wrote:
How would that help?
Unless I'm misunderstanding Zooko's writeup, he's worried about an
attacker going from a partially-known plaintext (e.g. a form bank
letter) to a completely-known plaintext by repeating the following
process:
1. ta
| >They extended the confirmation-of-a-file attack into the
| >learn-partial-information attack. In this new attack, the
| >attacker learns some information from the file. This is done by
| >trying possible values for unknown parts of a file and then
| >checking whether the resu
On Mar 20, 2008, at 3:42 PM, zooko wrote:
They extended the confirmation-of-a-file attack into the
learn-partial-information attack. In this new attack, the
attacker learns some information from the file. This is done by
trying possible values for unknown parts of a file and then
c
Jim:
Thanks for your detailed response on the convergent encryption issue.
In this post, I'll just focus on one very interesting question that
you raise: "When do either of these attacks on convergent encryption
apply?".
In my original note I was thinking about the allmydata.org "Tahoe"
|...Convergent encryption renders user files vulnerable to a
|confirmation-of-a-file attack. We already knew that. It also
|renders user files vulnerable to a learn-partial-information
|attack in subtle ways. We didn't think of this until now. My
|search of the literature sugges
alized computer networks [EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED], Cryptography
Subject: Re: [tahoe-dev] [p2p-hackers] convergent encryption
reconsidered
Reply-To: [EMAIL PROTECTED]
On Mar 20, 2008, at 12:42 PM, zooko wrote:
Security engineers have always appreciated that c
(This is an ASCII rendering of https://zooko.com/
convergent_encryption_reconsidered.html .)
Convergent Encryption Reconsidered
Written by Zooko Wilcox-O'Hearn, documenting ideas due to Drew
Perttula, Brian Warner, and Zooko Wilcox-O'Hearn, 2008-03-20.
15 matches
Mail list logo