moved
[Imported from Trac: page Convergence Secret, version 5]
parent
91b127f963
commit
9b81314172
|
@ -1,66 +1 @@
|
|||
```#!rst
|
||||
What Is It?
|
||||
-----------
|
||||
|
||||
A file's capability is derived from two pieces of information on
|
||||
upload: The content of the file and the upload node's "convergence
|
||||
secret". By default, the convergence secret is randomly generated by the
|
||||
node when it first starts up, then stored in the node's base directory
|
||||
(<Tahoe's node dir>/private/convergence) and re-used after that. So the
|
||||
same file content uploaded from the same node will always have the same
|
||||
cap string. Uploading the file from a different node with a different
|
||||
convergence secret would result in a different cap string—and in a
|
||||
second copy of the file's contents stored on the grid. If you want files
|
||||
you upload to converge (also known as "deduplicate") with files uploaded
|
||||
by someone else, just make sure you're using the same convergence secret
|
||||
as they are.
|
||||
|
||||
The advantages of deduplication should be clear, but keep in mind that
|
||||
the convergence secret was created to combat snooping. For example, with
|
||||
a convergence secret and a file, I can generate a file capability that
|
||||
would allow me to determine that you have uploaded a file to the grid.
|
||||
This isn't a big deal for things that are personally produced, but is a
|
||||
big deal for commonly known things that you want to keep secret that you
|
||||
know about. Examples would be a Bible in China or The Anarchist's
|
||||
Cookbook at the High School that I went to. This is called the
|
||||
"Confirm-The-File" attack.
|
||||
|
||||
There is one more way that this can be used. Let's say that you know
|
||||
somebody stores their W-2 (a US tax document) on their Tahoe-LAFS grid.
|
||||
You can, with a little script, try various numbers for identity information
|
||||
and eventually end up with your full identity and salary. This is called
|
||||
the "Learn-The-Remaining-Information" attack.
|
||||
|
||||
Here's the details of the origin of the convergence secret:
|
||||
`Convergence Secret Justification`_
|
||||
|
||||
.. _`Convergence Secret Justification`:
|
||||
<https://tahoe-lafs.org/hacktahoelafs/drew_perttula.html>
|
||||
|
||||
What If I Change My Convergence Secret?
|
||||
---------------------------------------
|
||||
|
||||
All your old file capabilities will still work, but the new data that
|
||||
you upload will not be deduplicated with the old data. If you upload all
|
||||
of the same things to the grid, you will end up using twice the space
|
||||
until garbage collection kicks in, if it's enabled. As one user put it,
|
||||
it would move the node where you change the convergence secret into a
|
||||
new deduplication domain.
|
||||
|
||||
How To Use It
|
||||
-------------
|
||||
|
||||
To enable deduplication between different clients, **securely** copy
|
||||
the convergence secret file from one client to all the others.
|
||||
|
||||
For example, if you are on host A and have an account on host B and you
|
||||
have scp installed, run:
|
||||
|
||||
*scp ~/.tahoe/private/convergence
|
||||
> my_other_account@B:.tahoe/private/convergence*
|
||||
|
||||
If you have two different nodes on a single computer, say one for each
|
||||
disk, you would do:
|
||||
|
||||
*cp /tahoe1/private/convergence /tahoe2/private/convergence*
|
||||
```
|
||||
moved to source:git/docs/convergence-secret.rst
|
||||
|
|
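Review bot: the "How To Use It" section in the removed text tells readers to copy `private/convergence` to every client, but nothing in it says that each holder of the shared secret can then run the Confirm-The-File and Learn-The-Remaining-Information checks described earlier against the other holders' uploads. Since the single added line only points to docs/convergence-secret.rst, that file should state the trade-off next to the copy instructions. The scp example is also written in emphasis markup with a `>` continuation line, which a shell would read as a redirect if pasted; an RST literal block with the command on one line would be safer to copy.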