Zooko Wilcox-O'Hearn wrote:
> On Saturday, 2009-11-21, at 23:20 , David-Sarah Hopwood wrote:
>
>> It is really 128-bit.
>
> You can see that by the fact that it generates 16-byte (128-bit)
> encryption keys here:
>
> http://allmydata.org/trac/tahoe/browser/src/allmydata/immutable/upload.py?rev=4045#L1156

Oh, but I'm not considering the effects of convergent encryption; perhaps we should be more careful about calling that "really 128-bit", although it should be equivalently secure against attackers who do not know the convergence secret.

Tahoe can encrypt files in two modes, convergent and random-key. It always encrypts mutable files (which are used to implement directories) with random keys. It can encrypt immutable files (typically, up to now, all non-directory files) in either mode, but uses convergent encryption by default.

So, random-key encryption is really 128-bit. Convergent encryption is 128-bit with the caveat that an attacker can confirm a guess for the file contents if they know the "convergence secret".

See <http://allmydata.org/pipermail/tahoe-dev/2008-August/000742.html> and <http://allmydata.org/pipermail/tahoe-dev/2008-March/000449.html>.

-- 
David-Sarah Hopwood ⚥ http://davidsarah.livejournal.com
_______________________________________________
tahoe-dev mailing list
[email protected]
http://allmydata.org/cgi-bin/mailman/listinfo/tahoe-dev
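The caveat in the message above, as an added example that is not part of the original post and is not Tahoe's code: a 128-bit key derived from a convergence secret plus the file contents lets anyone holding that secret confirm a guessed plaintext, while random-key mode does not. The HMAC-SHA256 derivation, the `storage_tag` identifier and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import os

KEY_LEN = 16  # 16-byte (128-bit) keys, as in the message


def convergent_key(convergence_secret: bytes, plaintext: bytes) -> bytes:
    """Key depends only on the secret and the file contents.

    Assumption: HMAC-SHA256 truncated to 16 bytes stands in for the
    real derivation, which this example does not reproduce.
    """
    return hmac.new(convergence_secret, plaintext, hashlib.sha256).digest()[:KEY_LEN]


def random_key() -> bytes:
    """Random-key mode: the key is independent of the file contents."""
    return os.urandom(KEY_LEN)


def storage_tag(key: bytes) -> bytes:
    """Hypothetical public identifier derived from the key; it stands in
    for whatever an observer of the stored ciphertext can see."""
    return hashlib.sha256(b"tag:" + key).digest()[:KEY_LEN]


def guess_confirmed(observed_tag: bytes, secret: bytes, guess: bytes) -> bool:
    """True if `guess`, encrypted under `secret`, would produce `observed_tag`."""
    candidate = storage_tag(convergent_key(secret, guess))
    return hmac.compare_digest(observed_tag, candidate)


def demo() -> dict:
    # Constructed sample values, not taken from any real grid.
    secret = b"constructed-convergence-secret"
    document = b"constructed sample file contents\n"
    observed = storage_tag(convergent_key(secret, document))
    return {
        "same_file_converges": observed == storage_tag(convergent_key(secret, document)),
        "right_guess_with_secret": guess_confirmed(observed, secret, document),
        "wrong_guess_with_secret": guess_confirmed(observed, secret, b"other contents\n"),
        "right_guess_wrong_secret": guess_confirmed(observed, b"not-the-secret", document),
        "random_keys_collide": storage_tag(random_key()) == storage_tag(random_key()),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Keeping the convergence secret private to the parties who should share deduplication is what limits guess confirmation to those parties.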
