Hi all,

Following suggestion of Zooko Wilcox O'Hearn, I post here a question about usage of hash functions in the security of Tahoe Filesystem.

I wonder why you are not using MACs (Message Authentication Codes) for the authentication of the data, in plaintext and ciphertext?

I think your architecture could fit well with a MAC computed in the Gateway (as it is, by design, in the trusted area).

Can you explain why you need collision resistance?



As you say in your doc: "The discovery of a collision in SHA256 is unlikely to allow much, but could conceivably allow a consistency violation in data that was uploaded by the attacker."

As you are hashing (in fact, verifying the consistency of) both ciphertext and plaintext, even if an attacker can replace a ciphertext chunk without modifying the hash, you'll see it after verifying the hash over the plaintext (after decryption)?
Perhaps you only need a hash for hashing the "Capability Extension Block"?

Regards,

Guillaume Sevestre.

_______________________________________________
tahoe-dev mailing list
[email protected]
http://allmydata.org/cgi-bin/mailman/listinfo/tahoe-dev