On 22/12/12 00:09, Zooko O'Whielacronx wrote:
> Note, I feel a lot more urgent about the addition of an extra
> XOR'ed-in stream cipher, XSalsa20 — ticket #1164 — and I hope to land
> the added XSalsa20 in Tahoe-LAFS v1.11 in early 2013. That's because
> attackers in the future may take advantage of ciphertext and other
> information (including timing information) which was previously
> produced by users. If such attackers can violate confidentiality, then
> the users will, at that future time, have the confidentiality of their
> old data breached, even if by then they have upgraded their encryption
> scheme. On the other hand, attackers from the future can't use a break
> of SHA-256 to violate the integrity of old files once users have
> upgraded their cryptographic hash function.

To be more precise, files can be reuploaded in order to obtain a new filecap that uses the new hash function. The integrity of a file downloaded using the old filecap is still dependent on the old hash function. In the case of encryption, however, reuploading the file doesn't help against an attacker who has the old ciphertext.

-- 
David-Sarah Hopwood ⚥

_______________________________________________
tahoe-dev mailing list
[email protected]
https://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-dev
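
The asymmetry discussed in this thread, as an added toy model that is not part of either message and is not Tahoe-LAFS code: a re-upload gives a new cap that no longer trusts the old hash, but ciphertext recorded earlier stays exposed to a later break of the old cipher. The cap layout, the 16-bit "old" hash and key (standing in for primitives that are later broken), and all function names are assumptions made for illustration.

```python
import hashlib, itertools

# Toy stand-ins (assumptions): 16-bit parameters model an old primitive that
# is later broken; full SHA-256 and 32-byte keys model its replacement.
def digest(data, gen):
    h = hashlib.sha256(data).digest()
    return h[:2] if gen == "old" else h

def xor_stream(key, data):
    """SHA-256 counter-mode keystream XORed into data (encrypt == decrypt)."""
    ks = b"".join(hashlib.sha256(key + bytes([i])).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def upload(plaintext, key, gen):
    """Return (filecap, stored ciphertext); the cap pins the hash generation."""
    ct = xor_stream(key, plaintext)
    return (gen, key, digest(ct, gen)), ct

def download(cap, ct):
    """Return the plaintext, or None if the cap's integrity check rejects ct."""
    gen, key, want = cap
    return xor_stream(key, ct) if digest(ct, gen) == want else None

def second_preimage(cap, ct):
    """Future break of the old hash: another ciphertext the old cap accepts."""
    gen, _, want = cap
    for n in itertools.count():
        forged = n.to_bytes(len(ct), "big")
        if forged != ct and digest(forged, gen) == want:
            return forged

def brute_force_key(ct, known_prefix):
    """Future break of the old cipher, run against ciphertext recorded earlier."""
    for n in range(2 ** 16):
        key = n.to_bytes(2, "big")
        if xor_stream(key, ct).startswith(known_prefix):
            return key

def demo():
    secret = b"constructed sample: payroll.csv contents"        # constructed data
    old_cap, old_ct = upload(secret, b"\x13\x37", "old")        # original upload
    new_cap, _ = upload(secret, bytes(range(32)), "new")        # re-upload after upgrade
    forged = second_preimage(old_cap, old_ct)
    old_cap_fooled = download(old_cap, forged) is not None      # old cap still trusts old hash
    new_cap_fooled = download(new_cap, forged) is not None      # new cap does not
    leaked = xor_stream(brute_force_key(old_ct, b"constructed"), old_ct)
    return old_cap_fooled, new_cap_fooled, leaked == secret     # re-upload did not protect old_ct
```

`demo()` returns `(True, False, True)`: the old cap accepts the forgery, the new cap rejects it, and the recorded old ciphertext is still decrypted.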
