Changes between Version 1 and Version 2 of NewCaps/WhatCouldGoWrong


Ignore:
Timestamp:
2009-10-10T21:58:19Z (15 years ago)
Author:
zooko
Comment:

whee more attacks

Legend:

Unmodified
Added
Removed
Modified
  • NewCaps/WhatCouldGoWrong

    v1 v2  
    11This is about What Could Go Wrong with the "Elk Point 2" immutable file caps: http://jacaranda.org/tahoe/immutable-elkpoint-2.svg
    22
    3 ||''what bad thing could happen''||''who could do it''||''what could they target''||''what crypto property prevents it''||''how expensive to brute force''||
    4 ||shape-shifter immutable file [footnote 1]||creator of a file||their own file||the hash function's and cap format's collision resistance on the read-cap (''R'',''T'')||2^(''r''+''t'')/2^||
    5 ||unauthorized read||anyone||any file||the cipher's security and the secrecy of the read-key ''R''||2^''r''^||
    6 ||forgery of immutable file||anyone||any file||the hash function's and cap format's second-pre-image resistance on (''R'',''T'')||2^''r''+''t''^||
     3||#||''what bad thing could happen''||''how''||''who could do it''||''what could they target''||''what crypto property prevents it''||''how expensive to brute force''||
     4||1||shape-shifter immutable file [footnote 1]||collide read-cap (''R'',''T'')||creator of a file||their own file||the hash function's and cap format's collision resistance on the read-cap (''R'',''T'')||2^(''r''+''t'')/2^||
     5||2||unauthorized read||attack the encryption of ''K'' with ''R''||anyone||any one file||the cipher's security and the secrecy of the read-key ''R''||2^''r''^||
     6||3||forgery of immutable file||generate a matching read-cap (''R'',''T'') for someone else's file||anyone||any one file||the hash function's and cap format's second-pre-image resistance on (''R'',''T'')||2^''r''+''t''^||
     7||4||roadblock or speedbump [footnote 2]||generate (''V'',''K'',''D'') which hash to a someone else's ''T'', and copy their ''S''||anyone||any one file||the hash function's and cap format's collision resistance on ''T''||2^''t''^||
     8||5||unauthorized read||attack the encryption of the plaintext with ''K''||anyone||any one file||the cipher's security and the secrecy of the encryption key ''K''||2^''k''^||
     9||6||unauthorized read||figure out the input to the hash function that generates ''S''||anyone||any one file||the hash function's pre-image resistance on ''S''||brute force attack on ''R'' is !#2||
    710
    8111. ''shape-shifter immutable file'': creator creates more than one file matching the immutable file readcap
     122. ''roadlblock'': attacker prevents uploader (including repairer) from being able to write a real share into the right storage index; ''speedbump'': attacker adds his bogus share into the list of shares stored under the storage index by the same method; downloader has to download, examine, and discard the bogus (''V'',''K'',''D'')'s until it finds the real one
     13
     14http://allmydata.org/pipermail/tahoe-dev/2009-October/002959.html