oops, HMAC(key=readcap) is insecure
[Imported from Trac: page NewMutableEncodingDesign, version 4]
parent
19ebf92202
commit
0359fcb531
|
@ -188,6 +188,11 @@ doesn't even change the way the existing caps are used:
|
|||
|
||||
## Shorter readcaps
|
||||
|
||||
(oh, oops, ignore this part. HMACs using the readcap as key are vulnerable to
|
||||
manipulation by a collusion between Rose-the-readcap-holder and the storage
|
||||
servers, and could be used to cause another readcap-holder to see the wrong
|
||||
data. Nevermind.)
|
||||
|
||||
To make the readcap shorter, we must give up something, like complete
|
||||
server-side validation and complete offline attenuation.
|
||||
|
||||
|
|
Loading…
Reference in a new issue