Thanks for contributing to the FAQ, Greg! On Wed, Feb 23, 2011 at 6:17 PM, Greg Troxel <[email protected]> wrote: > > I didn't find this in the FAQ, so: > > Q: I understand that using a convergence secret unknown to attackers > protects me from the known file confirmation attack.
Warning! The "confirmation of a file" attack is not the major threat. Less widely understood and probably more dangerous for most people is the "learn partial information" attack: http://tahoe-lafs.org/hacktahoelafs/drew_perttula.html Perhaps we could say something like: Q: I understand that using a convergence secret unknown to attackers protects me from the "confirmation of a file" attack and the "learn partial information" attack ... A: ... Q: What are the "confirmation of a file" attack and the "learn partial information" attack? A: ... http://tahoe-lafs.org/hacktahoelafs/drew_perttula.html ... By the way, I suspect that I may have failed to make Drew Perttula's discovery clear enough in my write-up, since even people who are very well-informed about many details of Tahoe-LAFS may still not appreciate it. ;-) Or maybe it is just that drew_perttula.html is not discovered and read by very many people and having a link to it from the FAQ would help. > But, using a > different convergence secret on each client means that the same file > will be stored mulitple times. Hm... how about: "But, using the same convergence secret on multiple clients means that if the different clients try to upload the same file it will be uploaded only once and only one copy of it stored on the servers." > Should I use the same convergence secret on all of my clients, or leave them > different? Your proposed answer seems pretty good. I personally like to not only share my added convergence secret with all of my clients but also with other users, so that our uploads will converge. Hm, this conversation has made me realize something. I just opened a new ticket, #1368, the text of which is: For some files I want convergence and I don't care about the confirmation-of-a-file attack or learn-partial-information attack. For others it is the other way around -- I don't care about convergence and I do care about those attacks. Therefore the value of the added convergence secret is more of a per-file configuration to me than a per-node configuration. It would be nice if tahoe put, tahoe cp, and tahoe backup offered a --converge-with= option, which would default to the node-wide added convergence secret. http://tahoe-lafs.org/trac/tahoe-lafs/ticket/1368# make the added convergence secret be a per-file configuration > Q. Do I need to save the convergence secret to be able to recover my > files? What if I change the convergence secret periodically? > > A. (UNSURE!) The encryption key is encoded in the capability, so the > convergence secret is not needed to recover files. Changing it means > that new files will no longer converge, but has no other bad effects. Yep, exactly right. Regards, Zooko _______________________________________________ tahoe-dev mailing list [email protected] http://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-dev
