[tahoe-dev] Question about Hash usage (versus MAC) for consistency check

Guillaume Sevestre guillaume.sevestre at gmail.com
Tue Aug 4 22:27:10 UTC 2009

Hi all,

Following the suggestion of Zooko Wilcox-O'Hearn, I am posting here a question
about the usage of hash functions in the security of the Tahoe Filesystem.

I wonder why you are not using MACs (Message Authentication Codes) for
the authentication of the data, in plaintext and ciphertext?

I think your architecture could fit well with a MAC computed in the
Gateway (as it is, by design, in the confident area).

Can you explain why you need collision resistance?


As you say in your doc: "The discovery of a collision in SHA256 is unlikely to allow much, but could conceivably allow a consistency violation in data that was uploaded by the attacker."

As you are hashing (in fact, verifying consistency of) both ciphertext and plaintext, even if an attacker can replace a ciphertext chunk without modifying the hash, you'll see it after verifying the hash over the plaintext (after decryption)?

Perhaps you only need a hash for hashing the "Capability Extension Block"?



Guillaume Sevestre.
