[tahoe-dev] Choice of tree-hash

Yaverot Yaverot at computermail.net
Mon Sep 24 16:59:46 UTC 2012



--- codesinchaos at gmail.com wrote:

On Sun, Sep 23, 2012 at 9:11 PM, Tony Arcieri <tony.arcieri at gmail.com> wrote:
>> Why not use a hash (tree) of the ciphertext for this purpose? I suppose
>> encrypting the hash of the plaintext accomplishes the same thing...

> The hash of the ciphertext depends on both the key and on how you
> encrypt. So it can't answer the question if two files are the same
> without downloading and rehashing at least one of them. Even when
> using convergent encryption, Tahoe uses a different convergence secret
> for each user, leading to different ciphertext hashes.

> My objective is that when you know a plaintext hash, you can download
> the file efficiently from wherever you have access to it, independent
> from the details of the storage systems.

I'm sure it isn't your intent, but your wording is setting off all sorts of warning/danger signals in my head. It sounds like you're trying to circumvent the encryption and per-user secrets of Tahoe-LAFS. This means either leaking those secrets, or making them pointless.

A key part of Tahoe is that if someone else sticks the Avengers movie that comes out tomorrow on my server, I have no knowledge or access to it. So $BigCompany can't just MD5(avengers movie) and then sue me into oblivion for "distributing" it. You're probably fine to back up Windows 7, but if it lands on my server... I don't have a Win7 license.

Like I started with, I'm probably hearing the worst possible interpretation of what you meant to say.
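
The property discussed in this message, as an added example that is not part of the original thread and is not Tahoe-LAFS code: with a per-user convergence secret, identical files deduplicate for one user but produce unrelated ciphertext hashes across users, while a plaintext hash is the same for everyone and lets anyone holding a copy confirm the file. The key derivation is simplified, the SHA-256 counter-mode keystream is a toy stand-in for a real cipher, and all function names, secrets and file contents are constructed for illustration.

```python
import hashlib
import hmac

def derive_key(convergence_secret: bytes, plaintext: bytes) -> bytes:
    # Convergent key: a function of the plaintext AND the per-user secret.
    # (Simplified derivation, assumed for this sketch.)
    return hmac.new(convergence_secret, plaintext, hashlib.sha256).digest()

def keystream_xor(key: bytes, data: bytes) -> bytes:
    # Toy stream cipher (SHA-256 in counter mode), a stand-in for a real
    # cipher so the example needs only the standard library.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + (i // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def upload(convergence_secret: bytes, plaintext: bytes) -> dict:
    # The values associated with one stored file.
    key = derive_key(convergence_secret, plaintext)
    ciphertext = keystream_xor(key, plaintext)
    return {
        "ciphertext": ciphertext,
        "ciphertext_hash": hashlib.sha256(ciphertext).hexdigest(),
        "plaintext_hash": hashlib.sha256(plaintext).hexdigest(),
    }

def holder_can_confirm(known_file: bytes, visible_hashes: set) -> bool:
    # A party holding a copy of a file checks it against the hashes it can see.
    return hashlib.sha256(known_file).hexdigest() in visible_hashes

# Constructed sample data: two users store the same file.
FILE = b"constructed sample file contents " * 8
alice = upload(b"alice-convergence-secret", FILE)
alice_again = upload(b"alice-convergence-secret", FILE)
bob = upload(b"bob-convergence-secret", FILE)

if __name__ == "__main__":
    ct_hashes = {alice["ciphertext_hash"], bob["ciphertext_hash"]}
    pt_hashes = {alice["plaintext_hash"], bob["plaintext_hash"]}
    print("same user dedups:", alice["ciphertext_hash"] == alice_again["ciphertext_hash"])
    print("users share ciphertext hash:", alice["ciphertext_hash"] == bob["ciphertext_hash"])
    print("confirm via ciphertext hashes:", holder_can_confirm(FILE, ct_hashes))
    print("confirm via plaintext hashes:", holder_can_confirm(FILE, pt_hashes))
```
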


