[tahoe-dev] introducing BLAKE2: an alternative to SHA-3, SHA-2, SHA-1, and MD5

David-Sarah Hopwood david-sarah at jacaranda.org
Sat Dec 22 01:18:49 UTC 2012


On 22/12/12 00:09, Zooko O'Whielacronx wrote:
> Note, I feel a lot more urgent about the addition of an extra
> XOR'ed-in stream cipher, XSalsa20 — ticket #1164 — and I hope to land
> the added XSalsa20 in Tahoe-LAFS v1.11 in early 2013. That's because
> attackers in the future may take advantage of ciphertext and other
> information (including timing information) which was previously
> produced by users. If such attackers can violate confidentiality, then
> the users will, at that future time, have the confidentiality of their
> old data breached, even if by then they have upgraded their encryption
> scheme. On the other hand, attackers from the future can't use a break
> of SHA-256 to violate the integrity of old files once users have
> upgraded their cryptographic hash function.

To be more precise, files can be reuploaded in order to obtain a
new filecap that uses the new hash function. The integrity of a file
downloaded using the old filecap is still dependent on the old hash
function. In the case of encryption, however, reuploading the file
doesn't help against an attacker who has the old ciphertext.

-- 
David-Sarah Hopwood ⚥
