On Tue, Jan 5, 2010 at 12:19 AM, Zooko Wilcox-O'Hearn <[email protected]> wrote:
>
> That said, I don't *think* the current use cases for Tahoe-LAFS make
> the users vulnerable to the known timing attacks on AES (especially
> given that the AES implementation that we use [5] has a defense
> against remote timing attacks). This is because people who need to
> keep control of their own files use a gateway running on their own
> computer so they are not vulnerable to someone else accessing their
> files.
I guess this assumption of mine will have to change if people start using Tahoe-LAFS in the "cloud computing" reliance model where they don't mind being vulnerable to the owner of the gateway machine, but they do mind being vulnerable to that owner's other customers. This is one of the possibilities mentioned in Aaron Cordova's HadoopWorld talk [1], and it is the sort of reliance model that a lot of other people seem to be keen on, which is why research like [2] is important since it threatens that model.

Anyway, the timing issues in AES have to be revisited if you want to support that model. Also, I suppose, if there is the possibility that the attacker could arrange to run his code on your machine that runs your web gateway (hm...).

Not coincidentally, some of the researchers working on this "customers attacking one another in the cloud" angle are also working on AES timing attacks.

In any case, I'm pretty sure that we ought to use a cipher combiner for the next revision in the same way that we ought to use a hash function combiner [3].

Regards,

Zooko

[1] http://www.cloudera.com/sites/all/themes/cloudera/static/hw09/3%20%20-%202-30%20Aaron%20Cordova,%20BAH,%20HadoopWorldComplete.pdf

[2] Ristenpart et al.: "Hey, You, Get Off of My Cloud" http://people.csail.mit.edu/tromer/cloudsec/

[3] "hedging our bets -- in case SHA-256 turns out to be insecure" http://allmydata.org/pipermail/tahoe-dev/2009-November/003122.html

_______________________________________________
tahoe-dev mailing list
[email protected]
http://allmydata.org/cgi-bin/mailman/listinfo/tahoe-dev
