Brian Warner wrote: > Nathan wrote: >> The scenario of a 1.7 client producing two malicious files is a little >> off, IMO. > > At lunch today, Nathan and I discussed this further. There are two > separate sorts of attacks, which (I think) roughly parallel the > difference between first-preimage and second-preimage attacks on hash > functions. > > Attack A is where Alice uploads a file, derives a filecap, gives the > filecap to Bob, and then Bob downloads the file. Bob desires to see > whatever file Alice wanted him to see, and to not rely upon the servers > or other non-Alice parties to achieve this goal. The attacker (someone > other than Alice) can give Bob any shares they like. The attacker wins > if Bob accepts a file which is different than what Alice wanted him to > see. > > Attack B is where Alice uploads a file, Bob gets the filecap and > downloads it, Carol gets the same filecap and downloads it, and Carol > desires to see the same file that Bob saw. (Bob and Carol may be the > same person at different times, or Bob may have signed a contract > referencing the filecap and Carol is the judge who later enforces the > contract). The attackers (who may be Alice and/or other parties) get to > craft the filecap and the shares however they like. The attackers win if > Bob and Carol accept different documents.
Just to clarify, attack B only applies to immutable file caps, correct? If the file cap is mutable then Bob and Carol can have no expectation of seeing the same file. > I always get confused about the difference between first-preimage and > second-preimage, but I think there's a correspondence here. Attack A is second-preimage (the attacker already has a message/hash pair). Attack B is collision. First-preimage would be finding a message that hashes to a given hash, without having an existing message that hashes to it. -- David-Sarah Hopwood ⚥ http://davidsarah.livejournal.com _______________________________________________ tahoe-dev mailing list [email protected] http://allmydata.org/cgi-bin/mailman/listinfo/tahoe-dev
