tahoe-lafs/trac-2024-07-25
2
0
Issues 1.1k Wiki Activity
Page: TaggedHash
Pages
AboutUs Accounting AccountingDesign AdvancedInstall AllmydataDotComPage ArchLinuxArmInstallation BBFreeze BadContent Bibliography BitCoinPage BuildSystemTheory BuildbotPolicy Capabilities CodingStandards CompileError ComponentDefinitions Convergence Secret DelegationOperations Dev DevInfra DirectoryNode Doc DownloadDebianPackages Extensions FAQ FileId FileTree GSoCIdeas GSoCIdeas2009 GSoCIdeas2010 GridBackup GridManager Grids Home HowToReportABug HowToWriteTests HowtoBuildPyCryptoOnWindows HowtoContributeABuildbot InstallDetails Installation JavaScript Keywords KnownIssues LocalGrid Manual MeetingNotes_2012_10_23 MemoryFootprint MoveOffTrac Munin_Stats Gatherer_Readme Munin_local_plugins_README NewAccountingDesign NewCapDesign NewImmutableEncodingDesign NewMutableEncodingDesign NewbieDeveloperSetup News OSPackages OldNews OneHundredYearCryptography OriginalWikiStart Ostrom Packaging PatchReviewProcess Patches PeerSelection Performance PkgSrc Proposed Python3 QuotaManagement RelatedProjects RequestedEdits ResearchVenues SNARKs Security ServerSelection SftpFrontend SpamPolicy StorageIndex Summit Summit1 Summit2011 Summit2016 Summit2Day1 Summit2Day2 Summit2Day3 Summit2Day4 TaggedHash TahoeLAFSMobile TahoeLAFSWeeklyNews TahoeThree TahoeTwo TahoeVsDebianBuggyOpenSsl TestGrid TipsTricks TracSecurityOverview TracStartingPoints TracWikiMacros Tutorial UbuntuPackaging UseCases VerifierId VersionNumbers Versioning ViewTickets ViewTickets2 VolunteerGrid WeeklyMeeting WindowsBuild apparmor pyFilesystem test
2 TaggedHash
zooko edited this page 2007-05-04 14:18:52 +00:00

Each place a hash function is used within Tahoe, the data to be hashed is first prepended with a distinct "tag", one per purpose.

These tags are encoded as a netstring, to insure that they cannot be confused with the data being hashed. For example, the VerifierId is computed as the SHA-256 hash of the following string:

    "23:allmydata_verifierid_v1," + DATA

This technique is especially important to distinguish the leaf nodes from the internal nodes in a MerkleHashTree, because otherwise an attacker can trivially construct leaf data that results in the same root hash as a previously constructed tree.