James A. Donald wrote: > Zooko Wilcox-O'Hearn wrote: >> On Wednesday,2009-08-26, at 19:49 , Brian Warner wrote: >> >>> Attack B is where Alice uploads a file, Bob gets the filecap and >>> downloads it, Carol gets the same filecap and downloads it, and >>> Carol desires to see the same file that Bob saw. ... The attackers >>> (who may be Alice and/or other parties) get to craft the filecap >>> and the shares however they like. The attackers win if Bob and >>> Carol accept different documents. >> Right, and if we add algorithm agility then this attack is possible >> even if both SHA-2 and SHA-3 are perfectly secure! >> >> Consider this variation of the scenario: Alice generates a filecap >> and gives it to Bob. Bob uses it to fetch a file, reads the file and >> sends the filecap to Carol along with a note saying that he approves >> this file. Carol uses the filecap to fetch the file. The Bob-and- >> Carol team loses if she gets a different file than the one he got. > > If Bob and Carol want to be sure they are seeing the same file, have to > use a capability to an immutable file. > > Obviously a capability to an immutable file has to commit the file to a > particular hash algorithm.
It's obvious that the capability has to commit to a particular hash algorithm (note that a concatenation of more than one hash might as well be considered another algorithm). It's not obvious that the file has to be associated with a hash algorithm at all -- the algorithm is determined by whoever creates the capability, not the file. -- David-Sarah Hopwood ⚥ http://davidsarah.livejournal.com _______________________________________________ tahoe-dev mailing list [email protected] http://allmydata.org/cgi-bin/mailman/listinfo/tahoe-dev
