[Imported from Trac: page NewCapDesign, version 11]
parent
d1702aa351
commit
bc3c7bd5da
|
@ -87,13 +87,13 @@ established sense). To make them real, we need to:
|
||||||
|
|
||||||
## make them long enough to be secure
|
## make them long enough to be secure
|
||||||
|
|
||||||
We want filecaps to be as possible, but no shorter. There are
|
We want filecaps to be as short as possible, but no shorter. There are
|
||||||
several lower bounds on the length:
|
several lower bounds on the length:
|
||||||
|
|
||||||
* confidentiality: A large computing effort should not be able
|
* confidentiality: A large computing effort should not be able
|
||||||
to obtain the plaintext of a tahoe file without knowing the
|
to obtain the plaintext of a tahoe file without knowing the
|
||||||
readcap. We require reasonable margin against improvements in
|
readcap. We require reasonable margin against improvements in
|
||||||
hardware speed and organization efficiency/motivation of
|
hardware speed and organizational efficiency/motivation of
|
||||||
distributed efforts (e.g. could a million PS3 owners break a
|
distributed efforts (e.g. could a million PS3 owners break a
|
||||||
filecap?). This currently implies a 128 bit confidentiality
|
filecap?). This currently implies a 128 bit confidentiality
|
||||||
field.
|
field.
|
||||||
|
|
Loading…
Reference in a new issue