[tahoe-dev] notes from the Tahoe-LAFS Weekly Dev Call, 2012-09-11

[Michael Rogers]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11/09/12 21:57, Brian Warner wrote:
> Padding isn't too hard to explain ("we expose 8*ceil(len/8)"), but
> the privacy value it provides is dubious: an active attacker can
> still detect single-byte variations if they can get you to start
> close to an edge of the block size, and 8 bytes may not be enough
> to thwart the would-be file-correlator (who's just on the lookout
> for a file exactly 4834263 bytes long, but knows there aren't any
> other files close to that length, so the rounded-up 4834264-byte
> file is probably the same). For larger files, even 4096-byte chunks
> might not be enough. So the benefit depends upon the block size you
> pick, versus the distribution of file sizes, meaning we'd have to
> pick a block size out of a hat, and unjustified ad-hoc constants
> always make me think we're doing something wrong. (it might end up
> being a good idea, but it makes me nervous).

The block size could be a function of the file size, such that larger
files have larger blocks - for example, pad to the next-highest power
of two. There would still be edges where the attacker could change the
block size by adding a single byte to the file, but they'd be rarer
than with a fixed block size.

Cheers,
Michael

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJQUFftAAoJEBEET9GfxSfMhkYIAI7lfnhGk0l5Gt4olXB/vJSn
EhA2AWhwOWNtx/fd6P0k/vjwuEfxfhBfk6oGRSI/NttdMUJy0LCLhajRBTVLUp9a
p9R6CTugHXD8uTE265MI8W3FfRzm2MmYkGNgy+TQpDHa7UY+JkvfVq199W2AEj4U
tsxkMgzZUkqj6fkGB5RPfWHSnM6nGAcMQRKIbsec6/lYc0hYKjqf/0zbrcxMwy8w
n0s9Mx35hM2guE+Y/nhVY4CbTMzblnKRF4FRhVAQi/uTegsRH4+O2HsLP4SWsdtq
6aViMyvjdzT7YTszflXCSbgJcQ8iYpT9AXRh/xS2WWEUP6T2lMQ+VNWFL5ZlGgk=
=EkUD
-----END PGP SIGNATURE-----