oops, HMAC(key=readcap) is insecure

[Imported from Trac: page NewMutableEncodingDesign, version 4]
warner 2009-08-28 02:39:44 +00:00
parent 19ebf92202
commit 0359fcb531

@ -188,6 +188,11 @@ doesn't even change the way the existing caps are used:
## Shorter readcaps ## Shorter readcaps
(oh, oops, ignore this part. HMACs using the readcap as key are vulnerable to
manipulation by a collusion between Rose-the-readcap-holder and the storage
servers, and could be used to cause another readcap-holder to see the wrong
data. Nevermind.)
To make the readcap shorter, we must give up something, like complete To make the readcap shorter, we must give up something, like complete
server-side validation and complete offline attenuation. server-side validation and complete offline attenuation.
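Review bot: the added parenthetical under "## Shorter readcaps" says "ignore this part" without saying how far "this part" extends, and the section's existing text ("To make the readcap shorter, we must give up something ...") stays in place right after it, so a reader cannot tell which of the following design is withdrawn. Suggest naming the retracted scope explicitly, or moving the retracted text under a heading marked as rejected. It would also help to state the underlying reason in one sentence: an HMAC keyed with the readcap uses a key that every readcap holder knows, so any holder can compute a valid tag over altered data, which is what makes the collusion with the storage servers effective against other readcap holders.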