On Tuesday 12 August 2008 21:31, Michael Rogers wrote: > On Aug 12 2008, Matthew Toseland wrote: > >No. You can only decrypt the data if you have the key. :) > > > > Seriously, we encrypt the blocks in the salted hash datastore with a key > > derived from the key of the block. And we index them by a different hash > > of the same key. This increases the cost of an offline attack on the > > store considerably. > > If I can tell which blocks are in the store just by starting the node, then > anyone who seizes my hard drive can also tell which blocks are in the > store. > > The only way to get around that would be to introduce some secret that I > know but the person seizing my harddrive doesn't, ie a passphrase. Anything > else is just pointless obfuscation.
We can increase the cost significantly and thereby slow the attacker down. It's still possible, but it's no longer trivial, because they have to try every key they are interested in against every block in the store - instead of just enumerating the keys in the store and doing a database lookup on the list of keys they are interested in. This is exactly what we have done in the salted hash store. > > Cheers, > Michael -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20080812/e869382e/attachment.pgp>