From 2728ecb8e11a850ef9d7e1f974fd5bd4d27a4aef Mon Sep 17 00:00:00 2001
From: zooko <>
Date: Sat, 10 Oct 2009 21:58:19 +0000
Subject: [PATCH] whee more attacks

[Imported from Trac: page NewCaps/WhatCouldGoWrong, version 2]
---
 NewCaps/WhatCouldGoWrong.md | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/NewCaps/WhatCouldGoWrong.md b/NewCaps/WhatCouldGoWrong.md
index 552aa4c..768ea4f 100644
--- a/NewCaps/WhatCouldGoWrong.md
+++ b/NewCaps/WhatCouldGoWrong.md
@@ -1,10 +1,16 @@
 This is about What Could Go Wrong with the "Elk Point 2" immutable file caps: <http://jacaranda.org/tahoe/immutable-elkpoint-2.svg>
 
-| | | | | |
-|---|---|---|---|---|
-|*what bad thing could happen*|*who could do it*|*what could they target*|*what crypto property prevents it*|*how expensive to brute force*|
-|shape-shifter immutable file [1]footnote|creator of a file|their own file|the hash function's and cap format's collision resistance on the read-cap (*R*,*T*)|2^(*r*+*t*)/2^|
-|unauthorized read|anyone|any file|the cipher's security and the secrecy of the read-key *R*|2^*r*^|
-|forgery of immutable file|anyone|any file|the hash function's and cap format's second-pre-image resistance on (*R*,*T*)|2^*r*+*t*^|
+| | | | | | | |
+|---|---|---|---|---|---|---|
+|#|*what bad thing could happen*|*how*|*who could do it*|*what could they target*|*what crypto property prevents it*|*how expensive to brute force*|
+|1|shape-shifter immutable file [1]footnote|collide read-cap (*R*,*T*)|creator of a file|their own file|the hash function's and cap format's collision resistance on the read-cap (*R*,*T*)|2^(*r*+*t*)/2^|
+|2|unauthorized read|attack the encryption of *K* with *R*|anyone|any one file|the cipher's security and the secrecy of the read-key *R*|2^*r*^|
+|3|forgery of immutable file|generate a matching read-cap (*R*,*T*) for someone else's file|anyone|any one file|the hash function's and cap format's second-pre-image resistance on (*R*,*T*)|2^*r*+*t*^|
+|4|roadblock or speedbump [2]footnote|generate (*V*,*K*,*D*) which hash to a someone else's *T*, and copy their *S*|anyone|any one file|the hash function's and cap format's collision resistance on *T*|2^*t*^|
+|5|unauthorized read|attack the encryption of the plaintext with *K*|anyone|any one file|the cipher's security and the secrecy of the encryption key *K*|2^*k*^|
+|6|unauthorized read|figure out the input to the hash function that generates *S*|anyone|any one file|the hash function's pre-image resistance on *S*|brute force attack on *R* is !#2|
 
 1. *shape-shifter immutable file*: creator creates more than one file matching the immutable file readcap
+2. *roadlblock*: attacker prevents uploader (including repairer) from being able to write a real share into the right storage index; *speedbump*: attacker adds his bogus share into the list of shares stored under the storage index by the same method; downloader has to download, examine, and discard the bogus (*V*,*K*,*D*)'s until it finds the real one
+
+<http://allmydata.org/pipermail/tahoe-dev/2009-October/002959.html>
\ No newline at end of file