[tahoe-dev] usage of key file or smart card?

David-Sarah Hopwood david-sarah at jacaranda.org
Mon Nov 23 01:25:25 UTC 2009

Zooko Wilcox-O'Hearn wrote:
> On Saturday, 2009-11-21, at 23:20 , David-Sarah Hopwood wrote:
>> It is really 128-bit.
> You can see that by the fact that it generates 16-byte (128-bit)  
> encryption keys here:
> http://allmydata.org/trac/tahoe/browser/src/allmydata/immutable/ 
> upload.py?rev=4045#L1156

Oh, but I'm not considering the effects of convergent encryption;
perhaps we should be more careful about calling that
"really 128-bit", although it should be equivalently secure
against attackers who do not know the convergence secret.

Tahoe can encrypt files in two modes, convergent and random-key.
It always encrypts mutable files (which are used to implement
directories) with random keys. It can encrypt immutable files
(typically, up to now, all non-directory files) in either mode,
but uses convergent encryption by default.

So, random-key encryption is really 128-bit. Convergent encryption
is 128-bit with the caveat that an attacker can confirm a guess for
the file contents if they know the "convergence secret". See
<http://allmydata.org/pipermail/tahoe-dev/2008-August/000742.html> and

David-Sarah Hopwood  ⚥  http://davidsarah.livejournal.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 292 bytes
Desc: OpenPGP digital signature
URL: <http://tahoe-lafs.org/pipermail/tahoe-dev/attachments/20091123/149e5fb4/attachment.asc>

More information about the tahoe-dev mailing list