| 1 | | {{{ |
| 2 | | #!rst |
| 3 | | What Is It? |
| 4 | | ----------- |
| 5 | | |
| 6 | | A file's capability is derived from two pieces of information on |
| 7 | | upload: The content of the file and the upload node's "convergence |
| 8 | | secret". By default, the convergence secret is randomly generated by the |
| 9 | | node when it first starts up, then stored in the node's base directory |
| 10 | | (<Tahoe's node dir>/private/convergence) and re-used after that. So the |
| 11 | | same file content uploaded from the same node will always have the same |
| 12 | | cap string. Uploading the file from a different node with a different |
| 13 | | convergence secret would result in a different cap string—and in a |
| 14 | | second copy of the file's contents stored on the grid. If you want files |
| 15 | | you upload to converge (also known as "deduplicate") with files uploaded |
| 16 | | by someone else, just make sure you're using the same convergence secret |
| 17 | | as they are. |
| 18 | | |
| 19 | | The advantages of deduplication should be clear, but keep in mind that |
| 20 | | the convergence secret was created to combat snooping. For example, with |
| 21 | | a convergence secret and a file, I can generate a file capability that |
| 22 | | would allow me to determine that you have uploaded a file to the grid. |
| 23 | | This isn't a big deal for things that are personally produced, but is a |
| 24 | | big deal for commonly known things that you want to keep secret that you |
| 25 | | know about. Examples would be a Bible in China or The Anarchist's |
| 26 | | Cookbook at the High School that I went to. This is called the |
| 27 | | "Confirm-The-File" attack. |
| 28 | | |
| 29 | | There is one more way that this can be used. Let's say that you know |
| 30 | | somebody stores their W-2 (a US tax document) on their Tahoe-LAFS grid. |
| 31 | | You can, with a little script, try various numbers for identity information |
| 32 | | and eventually end up with your full identity and salary. This is called |
| 33 | | the "Learn-The-Remaining-Information" attack. |
| 34 | | |
| 35 | | Here's the details of the origin of the convergence secret: |
| 36 | | `Convergence Secret Justification`_ |
| 37 | | |
| 38 | | .. _`Convergence Secret Justification`: |
| 39 | | https://tahoe-lafs.org/hacktahoelafs/drew_perttula.html |
| 40 | | |
| 41 | | What If I Change My Convergence Secret? |
| 42 | | --------------------------------------- |
| 43 | | |
| 44 | | All your old file capabilities will still work, but the new data that |
| 45 | | you upload will not be deduplicated with the old data. If you upload all |
| 46 | | of the same things to the grid, you will end up using twice the space |
| 47 | | until garbage collection kicks in, if it's enabled. As one user put it, |
| 48 | | it would move the node where you change the convergence secret into a |
| 49 | | new deduplication domain. |
| 50 | | |
| 51 | | How To Use It |
| 52 | | ------------- |
| 53 | | |
| 54 | | To enable deduplication between different clients, **securely** copy |
| 55 | | the convergence secret file from one client to all the others. |
| 56 | | |
| 57 | | For example, if you are on host A and have an account on host B and you |
| 58 | | have scp installed, run: |
| 59 | | |
| 60 | | *scp ~/.tahoe/private/convergence |
| 61 | | my_other_account@B:.tahoe/private/convergence* |
| 62 | | |
| 63 | | If you have two different nodes on a single computer, say one for each |
| 64 | | disk, you would do: |
| 65 | | |
| 66 | | *cp /tahoe1/private/convergence /tahoe2/private/convergence* |
| 67 | | }}} |
| | 1 | moved to [source:git/docs/convergence-secret.rst] |
