[tahoe-dev] Request for hash-dependency in Tahoe security.
nejucomo at gmail.com
Wed Apr 29 17:51:43 UTC 2009
I haven't yet read this "SHA-1 collisions now 2^52" paper:
However, I'm interested to know:
a. Where in Tahoe are hashes used?
b. For each usage, what guarantee is required of the hash?
c. If a hash fails, what is the expected behavior of the system?
d. For an existing grid how feasible is an upgrade to a new hash
format which preserves all data?
Having answers to any of these questions would place Tahoe a good step
beyond the standard, and I believe it would be a good selling point
for enterprise adoption.
ps: For the case of Merkel Trees, are any security guarantees
preserved in the face of hash collision attacks?
I know that some guarantees are preserved in the face of hash
vulnerabilities in HMAC.
More information about the tahoe-dev