[tahoe-dev] choosing when to have different convergence secrets
Zooko O'Whielacronx
zooko at zooko.com
Thu Feb 24 03:35:43 UTC 2011
Thanks for contributing to the FAQ, Greg!
On Wed, Feb 23, 2011 at 6:17 PM, Greg Troxel <gdt at ir.bbn.com> wrote:
>
> I didn't find this in the FAQ, so:
>
> Q: I understand that using a convergence secret unknown to attackers
> protects me from the known file confirmation attack.
Warning! The "confirmation of a file" attack is not the major threat.
Less widely understood and probably more dangerous for most people is
the "learn partial information" attack:
http://tahoe-lafs.org/hacktahoelafs/drew_perttula.html
Perhaps we could say something like:
Q: I understand that using a convergence secret unknown to attackers
protects me from the "confirmation of a file" attack and the "learn
partial information" attack ...
A: ...
Q: What are the "confirmation of a file" attack and the "learn partial
information" attack?
A: ... http://tahoe-lafs.org/hacktahoelafs/drew_perttula.html ...
By the way, I suspect that I may have failed to make Drew Perttula's
discovery clear enough in my write-up, since even people who are very
well-informed about many details of Tahoe-LAFS may still not
appreciate it. ;-) Or maybe it is just that drew_perttula.html is not
discovered and read by very many people and having a link to it from
the FAQ would help.
> But, using a
> different convergence secret on each client means that the same file
> will be stored mulitple times.
Hm... how about: "But, using the same convergence secret on multiple
clients means that if the different clients try to upload the same
file it will be uploaded only once and only one copy of it stored on
the servers."
> Should I use the same convergence secret on all of my clients, or leave them different?
Your proposed answer seems pretty good. I personally like to not only
share my added convergence secret with all of my clients but also with
other users, so that our uploads will converge.
Hm, this conversation has made me realize something. I just opened a
new ticket, #1368, the text of which is:
For some files I want convergence and I don't care about the
confirmation-of-a-file attack or learn-partial-information attack. For
others it is the other way around -- I don't care about convergence
and I do care about those attacks. Therefore the value of the added
convergence secret is more of a per-file configuration to me than a
per-node configuration. It would be nice if tahoe put, tahoe cp, and
tahoe backup offered a --converge-with= option, which would default to
the node-wide added convergence secret.
http://tahoe-lafs.org/trac/tahoe-lafs/ticket/1368# make the added
convergence secret be a per-file configuration
> Q. Do I need to save the convergence secret to be able to recover my
> files? What if I change the convergence secret periodically?
>
> A. (UNSURE!) The encryption key is encoded in the capability, so the
> convergence secret is not needed to recover files. Changing it means
> that new files will no longer converge, but has no other bad effects.
Yep, exactly right.
Regards,
Zooko
More information about the tahoe-dev
mailing list