james hughes wrote:
>
> On Aug 6, 2009, at 1:52 AM, Ben Laurie wrote:
>
> > Zooko Wilcox-O'Hearn wrote:
> >> I don't think there is any basis to the claims that Cleversafe makes
> >> that their erasure-coding ("Information Dispersal")-based system is
> >> fundamentally safer, e.g. these claims from [3]: "a malicious party
> >> cannot recreate data from a slice, or two, or three, no matter what the
> >> advances in processing power." ... "Maybe encryption alone is 'good
> >> enough' in some cases now - but Dispersal is 'good always' and
> >> represents the future."
> >
> > Surely this is fundamental to threshold secret sharing - until you reach
> > the threshold, you have not reduced the cost of an attack?
>
> Until you reach the threshold, you do not have the information to
> attack. It becomes information theoretic secure.

With a secret sharing scheme such as Shamir's you have information theoretic
security. With the All-or-Nothing Transform and dispersal the distinction is
that there is only computational security. The practical difference is that though
2^-256 is very close to 0, it is not 0, so the possibility remains that with
sufficient computational power useful data could be obtained with less than a
threshold number of slices. The difficulty of this is as hard as breaking the
symmetric cipher used in the transformation.
>
>
> They are correct, if you lose a "slice, or two, or three" that's fine,
> but once you have the threshold number, then you have it all. This
> means that you must still defend the site from attackers, protect your
> media from loss, ensure your admins are trusted. As such, you have
> accomplished nothing to make the management of the data easier.

Is there any data storage system which does not require some protection against
attackers, resiliency to media failure, and trusted administrators? Even in a
system where one encrypts the data and focuses all energy on keeping the key
safe, the encrypted copies must still be protected for availability and
reliability reasons.

The security provided by this approach is only the icing on the cake to the
other benefits of dispersal. Dispersal provides extremely high fault tolerance
and reliability without the large storage requirements of making copies. See
this paper "Erasure Coding vs. Replication: A Quantitative Comparison" by the
creators of OceanStore for a primer on some of the advantages:
http://www.cs.rice.edu/Conferences/IPTPS02/170.pdf

>
> Assume your threshold is 5. You lost 5 disks... Whose information was
> lost? Anyone? Do you know?

If a particular "vault" (our term for a logical grouping of data on which
access controls may be applied) had data stored on a threshold number of
compromised drives, then data in that vault would be considered compromised.
Our system tracks which vaults have data on which machines through a global
set of configuration information we call the Registry.

> What if the 5 drives were lost over 5
> years, what then?

When drives or machines are known to be lost or compromised, one may perform a
read and overwrite of the peer-slices. This makes obsolete any slices
attackers may have accumulated up until that point. This is due to the fact
that the AONT is a random transformation, and newly generated slices cannot be
used with old ones to re-create data. Therefore this protocol protects against
slow accumulation of a threshold number of slices over time.

> CleverSafe can not provide any security guarantees
> unless these questions can be answered. Without answers, CleverSafe is
> neither Clever nor Safe.
>
> Jim
>
>

Please let me know if you have any additional questions regarding our
technology.

Best Regards,
Jason Resch
_______________________________________________
tahoe-dev mailing list
http://allmydata.org/cgi-bin/mailman/listinfo/tahoe-dev
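
The behaviour described in the message above (a fresh random AONT key on every write, so slices kept from before a rewrite cannot be combined with slices written after it), as an added example that is not part of the original e-mail and is not Cleversafe's code. It assumes a Rivest-style package transform with a SHA-256 counter keystream standing in for the symmetric cipher and a plain k-of-k split standing in for the erasure code; all function names are hypothetical.

```python
import hashlib
import secrets

CANARY = b"\x00" * 16  # known trailer so decode can detect a wrong key (assumption)

def _keystream(key, n):
    # SHA-256 in counter mode, a stand-in for the real symmetric cipher
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:n]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def aont_encode(data):
    key = secrets.token_bytes(32)  # fresh random key for every encode
    body = _xor(data + CANARY, _keystream(key, len(data) + len(CANARY)))
    # The key is masked with a hash of the whole body: every byte is needed to unmask it
    return body + _xor(key, hashlib.sha256(body).digest())

def aont_decode(package):
    body, masked_key = package[:-32], package[-32:]
    key = _xor(masked_key, hashlib.sha256(body).digest())
    plain = _xor(body, _keystream(key, len(body)))
    if plain[-16:] != CANARY:
        raise ValueError("slices are incomplete or come from different encodings")
    return plain[:-16]

def disperse(data, k):
    # k-of-k split of the AONT package (a real system would erasure-code it)
    pkg = aont_encode(data)
    size = -(-len(pkg) // k)  # ceiling division
    return [pkg[i * size:(i + 1) * size] for i in range(k)]

def reassemble(slices):
    return aont_decode(b"".join(slices))

def demo():
    data = b"vault object: constructed sample data for the example"
    old = disperse(data, 5)   # slices an attacker may have partly collected
    new = disperse(data, 5)   # "read and overwrite": same data, new random key
    fresh_ok = reassemble(new) == data
    try:
        reassemble(old[:2] + new[2:])  # two old slices mixed with three new ones
        mixed_ok = True
    except ValueError:
        mixed_ok = False
    return fresh_ok, mixed_ok
```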