[tahoe-dev] Question about convergence keys

Jeremy Fitzhardinge jeremy at goop.org
Wed Aug 13 04:58:40 UTC 2008


Brian Warner wrote:
>> I guess if you want to store a mixture of small really confidential data
>> and large semi-confidential/public data, then you'd create two nodes with
>> distinct convergence keys. Or is there some more subtle way of achieving
>> the same result?
>>
>
> Aye, that's the rub: how do you tell whether a given file is confidential or
> not, and if it is guessable or not? You might presume that large files are
> not very guessable (and use some sort of heuristic like "use a null
> convergence secret for all files larger than 2MB"), but we can think of
> several counter-examples that are large, secret, and have low-entropy (i.e.
> are guessable). Base something off the filename? But then your security
> properties depend upon how you choose to name your files.
>
> The lack of a clear+safe heuristic, coupled with experimental data showing
> that convergence did not provide a significant reduction in disk usage, led
> us to choose non-convergent uploads (i.e. randomly generated convergence
> domains) for the current tahoe release.

So, presumably if a client changes its convergence key, does it lose 
access to all its previously stored content?  Or does it just change the 
capabilities generated when you store something?

If you're using tahoe to do a full system backup, and you need to 
recover everything, what's the minimum needed to do that?  Is it just 
the read capability of the root of the backup tree?

    J
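
The trade-off discussed in the quoted reply, as an added example that is not part of the original message and is not Tahoe's code: a simplified model in which the encryption key is derived from a convergence secret plus the file contents, and the read capability carries that key. The function names, the SHA-256 derivation and the hash-based keystream (a stand-in for a real cipher) are assumptions made for illustration.

```python
import hashlib
import os

def derive_key(convergence_secret: bytes, plaintext: bytes) -> bytes:
    # Model only: the key depends on the secret and the file contents.
    prefix = len(convergence_secret).to_bytes(4, "big") + convergence_secret
    return hashlib.sha256(b"key:" + prefix + plaintext).digest()[:16]

def storage_index(key: bytes) -> bytes:
    # What a storage server sees: an identifier derived from the key.
    return hashlib.sha256(b"index:" + key).digest()[:16]

def keystream_xor(key: bytes, data: bytes) -> bytes:
    # Stand-in for a real stream cipher such as AES-CTR; illustration only.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def upload(server: dict, convergence_secret: bytes, plaintext: bytes) -> bytes:
    key = derive_key(convergence_secret, plaintext)
    server[storage_index(key)] = keystream_xor(key, plaintext)
    return key  # modelled read capability: it carries the key itself

def download(server: dict, read_cap: bytes) -> bytes:
    return keystream_xor(read_cap, server[storage_index(read_cap)])

def demo() -> dict:
    server = {}
    doc = b"salary: 52000\n"  # constructed low-entropy sample file
    null_cap = upload(server, b"", doc)
    old_secret, new_secret = os.urandom(32), os.urandom(32)
    old_cap = upload(server, old_secret, doc)
    new_cap = upload(server, new_secret, doc)
    # A guess at the contents, made without knowing any client secret.
    guess_index = storage_index(derive_key(b"", doc))
    return {
        "null_secret_guess_matches": guess_index == storage_index(null_cap),
        "private_secret_guess_matches": guess_index == storage_index(old_cap),
        "caps_differ_after_secret_change": old_cap != new_cap,
        "old_cap_still_reads": download(server, old_cap) == doc,
        "shares_stored": len(server),
    }

if __name__ == "__main__":
    print(demo())
```

In this model a null secret lets identical files converge on one storage index, which is also what makes a guessable file confirmable, while a private secret gives up deduplication across clients; a capability issued under an earlier secret keeps working because the key travels in the capability.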


