Hi!

Thanks for explaining the security mechanism. I am new to Tahoe and tried it out in the meantime. Indeed, you are right that no passphrases are used.

What I understood is that the confidentiality relies on the caps. Let's assume my storage provider wants to read my data and therefore tries to crack it. By brute force he tries all possible caps, so all possible keys on a specific file. Please correct me if I am wrong. What I have not understood yet is how strong the key length is. I read that AES-128 is used but I am not sure if the key length is really 128 bits or if it is reduced to keep the cap's length usable (for URL). For instance, when encrypting a message with GnuPG I have an understanding of "key length", which is one of the important parameters (besides algorithm and proper usage) regarding the strength of the protection. I don't understand this parameter in Tahoe.

Regards
Stefan

Kevin Reid wrote:
> On Nov 19, 2009, at 15:06, Stefan Xenon wrote:
>
>> Is it possible to use a key file or a smart card instead of a pass
>> phrase to encrypt the storage in Tahoe? If so, are there any resources
>> describing the usage?
>
>
> Tahoe does not use any passphrase or single key. The encryption key
> used is either derived from the file contents (immutable files) or is
> a public/private key pair generated just for that file (mutable files/
> directories).
>
> The valuable secrets in Tahoe are the caps, which are generally either
> stored as URLs (in your choice of location), or in the tahoe aliases
> file <tahoe-dir>/private/aliases, which you can of course store on any
> secure media you like.
>
> There is also the convergence secret private/convergence which, if you
> use one, you probably want to keep safe as well, but is not really a
> key or passphrase.
>

_______________________________________________
tahoe-dev mailing list
[email protected]
http://allmydata.org/cgi-bin/mailman/listinfo/tahoe-dev
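
Added example, not part of the original thread and not Tahoe's own code: a simplified sketch of a content-derived key mixed with a convergence secret, as the quoted reply describes for immutable files. The HMAC-SHA256 construction, the function names and the sample values are assumptions for illustration; Tahoe's real derivation differs in detail.

```python
import base64
import hashlib
import hmac

KEY_BYTES = 16  # 128 bits, the AES-128 key size asked about in the thread


def convergent_key(convergence_secret: bytes, plaintext: bytes) -> bytes:
    """Derive a per-file key from the file contents and a private secret.

    Assumed construction for illustration only:
    HMAC-SHA256(secret, SHA256(plaintext)), truncated to 128 bits.
    """
    content_hash = hashlib.sha256(plaintext).digest()
    mac = hmac.new(convergence_secret, content_hash, hashlib.sha256).digest()
    return mac[:KEY_BYTES]


def cap_fragment(key: bytes) -> str:
    """Encode a key in a URL-friendly form: lowercase base32 without padding."""
    return base64.b32encode(key).decode("ascii").rstrip("=").lower()


def demo() -> dict:
    # Constructed sample inputs, not real secrets or real file contents.
    secret_a = b"A" * 32
    secret_b = b"B" * 32
    doc = b"quarterly report, constructed sample content\n"

    k_first = convergent_key(secret_a, doc)
    k_again = convergent_key(secret_a, doc)         # same file, same secret
    k_other = convergent_key(secret_b, doc)         # same file, other secret
    k_edit = convergent_key(secret_a, doc + b"x")   # changed file

    return {
        "same_secret_same_file": k_first == k_again,
        "other_secret_differs": k_first != k_other,
        "changed_file_differs": k_first != k_edit,
        "key_bits": len(k_first) * 8,
        "cap_chars": len(cap_fragment(k_first)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Encoding a full 128-bit key takes 26 base32 characters, so a key of that size does not need to be shortened to fit in a URL-style string.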
