[tahoe-dev] Request for hash-dependency in Tahoe security.

Nathan nejucomo at gmail.com
Wed Apr 29 17:51:43 UTC 2009

I haven't yet read this "SHA-1 collisions now 2^52" paper:


However, I'm interested to know:

a. Where in Tahoe are hashes used?
b. For each usage, what guarantee is required of the hash?
c. If a hash fails, what is the expected behavior of the system?
d. For an existing grid how feasible is an upgrade to a new hash
format which preserves all data?

Having answers to any of these questions would place Tahoe a good step
beyond the standard, and I believe it would be a good selling point
for enterprise adoption.


ps: For the case of Merkel Trees, are any security guarantees
preserved in the face of hash collision attacks?

I know that some guarantees are preserved in the face of hash
vulnerabilities in HMAC.

More information about the tahoe-dev mailing list