added cap examples for K=160, and link to argument about multi-target attacks
[Imported from Trac: page NewMutableEncodingDesign, version 13]
parent
854b649f2e
commit
9e40b833b8
|
@ -46,8 +46,8 @@ directly in the filecap, simplifying the design considerably.
|
|||
|
||||
## Filecap Length
|
||||
|
||||
A likely security parameter K (=kappa) would be 96 or 128 bits, and most of
|
||||
the filecaps will be some multiple of K.
|
||||
A likely security parameter K (=kappa) would be 96, 128, or 160 bits, and most of
|
||||
the filecaps will be some multiple of K. [96 bits is too short IMHO --David-Sarah]
|
||||
|
||||
Assuming a `tahoe:` prefix and no additional metadata, here's what
|
||||
various lengths of base62-encoded filecaps would look like:
|
||||
|
@ -55,25 +55,34 @@ various lengths of base62-encoded filecaps would look like:
|
|||
* 1*K:
|
||||
* 96 `tahoe:14efs6T5YNim0vDVV`
|
||||
* 128 `tahoe:4V2uIYVX0PcHu9fQrJ3GSH`
|
||||
* 160 `tahoe:8gdR7Epld72UvkF6Pe9hhT8NQx3`
|
||||
* 2*K:
|
||||
* 192 `tahoe:072Og6e75IOP9ZZsbR1Twjs6X5xXJnBAF`
|
||||
* 256 `tahoe:fZeioazoWrO62reiAjzUAyV0uz3ssh6Hnanv8cKMClY`
|
||||
* 320 `tahoe:j6Re0BbWp7DqJtgd9fUXl4pWiD5kr1mjT9DtudJ72o0vhPen83Utza`
|
||||
* 3*K:
|
||||
* 288 `tahoe:11DriaxD9nipA10ueBvv5uoMoehvxgPerpQiXyvMPeiUUdtf6`
|
||||
* 384 `tahoe:3a31SqUbf8fpWE1opRCT3coDhRqTU7bDU2AvC3RQJBu6ZNFhVscyxA9slYtPVT79x`
|
||||
* 480 `tahoe:P6rGeI6CwlG4i8W2l6haSoC9rfPjw0KHBi8xAk4F8vdhnRhL8nwE27CitJ9Rld06HuKt8VucypJRcbGFo`
|
||||
|
||||
Adding 2 metadata characters and a clear separator gives us:
|
||||
|
||||
* 96: `tahoe:MW-14efs6T5YNim0vDVV`
|
||||
* 128: `tahoe:DW-4V2uIYVX0PcHu9fQrJ3GSH`
|
||||
* 160: `tahoe:DW-8gdR7Epld72UvkF6Pe9hhT8NQx3`
|
||||
* 192: `tahoe:MR-072Og6e75IOP9ZZsbR1Twjs6X5xXJnBAF`
|
||||
* 256: `tahoe:DR-fZeioazoWrO62reiAjzUAyV0uz3ssh6Hnanv8cKMClY`
|
||||
* 288: `tahoe:MR-11DriaxD9nipA10ueBvv5uoMoehvxgPerpQiXyvMPeiUUdtf6`
|
||||
* 384: `tahoe:MR-3a31SqUbf8fpWE1opRCT3coDhRqTU7bDU2AvC3RQJBu6ZNFhVscyxA9slYtPVT79x`
|
||||
* 320: `tahoe:MV-j6Re0BbWp7DqJtgd9fUXl4pWiD5kr1mjT9DtudJ72o0vhPen83Utza`
|
||||
* 384: `tahoe:DV-3a31SqUbf8fpWE1opRCT3coDhRqTU7bDU2AvC3RQJBu6ZNFhVscyxA9slYtPVT79x`
|
||||
* 480: `tahoe:MV-P6rGeI6CwlG4i8W2l6haSoC9rfPjw0KHBi8xAk4F8vdhnRhL8nwE27CitJ9Rld06HuKt8VucypJRcbGFo`
|
||||
|
||||
[#217:c44](http://allmydata.org/trac/tahoe/ticket/217#comment:44) says that,
|
||||
if we don't need to prevent collisions, then we can use a K-bit hash for
|
||||
K-bit second-pre-image resistance.
|
||||
K-bit second-pre-image resistance. However, see
|
||||
[#882:c6](http://allmydata.org/trac/tahoe/ticket/882#comment:6) for a
|
||||
counterargument saying that 50 extra bits or so are needed to be secure
|
||||
against multi-target attacks.
|
||||
|
||||
# Design Proposals
|
||||
|
||||
|
|
Loading…
Reference in a new issue