[tahoe-dev] Question about convergence keys

Jeremy Fitzhardinge jeremy at goop.org
Tue Aug 12 19:51:26 UTC 2008

First: Hi all!

I've been talking with Danny O'Brien (http://www.oblomovka.com/) about 
how to have a cloud at the edge.  That is, how to get the benefits of 
offloading your compute and data to a cloud of servers, but how to do so 
without relying on big centralized agents (hi, Google!).

He mentioned Tahoe to me, which I hadn't come across before.  And, as it 
happens, it solves a large number of the problems we'd like to solve.

So, good.

I have a question about convergence keys.  My understanding is that the 
files are encrypted with their own hash, which means that two copies of 
the file will encrypt to the same thing, but unless you actually have 
the file itself you can't see the content.

Traditionally, a hash gives no information about the content of a file, 
so posting the hash of a confidential file doesn't tell anyone anything 
they didn't already know.

But if you put these together, then getting the hash allows you to 
decrypt a file.

Tahoe allows you to set a convergence key to add to the hash, but if you 
have a group of relatively trustworthy peers (the friendnet scenario), 
then you want everyone to have the same convergence key, and the null 
key is the easiest to agree on.

Am I misunderstanding something.  Is the default convergence key 
something other than a plain hash of the file?  It would seem pretty 
easy to compute H(file) to get the hash, and H(file+some_zero_padding) 
to generate a convergence key.


More information about the tahoe-dev mailing list