On Thu, Aug 14, 2008 at 4:57 AM, Michael Rogers <m.rogers at cs.ucl.ac.uk> wrote: > On Aug 12 2008, Matthew Toseland wrote: >> We can increase the cost significantly and thereby slow the attacker >> down. It's still possible, but it's no longer trivial, because they have >> to try every key they are interested in against every block in the store > > No they don't. They just unplug the network cable, start the node, and > request each key they're interested in. Any keys that succeed are in the > store. > > Strictly speaking it's true that obfuscating the store prevents an attacker > from enumerating the keys it contains, but that's not really relevant > because the attacker doesn't want a list of the keys in the store - they > want to know whether certain keys are in the store. If I can find that out > by starting the node without entering a passphrase then so can they.
The store is also encrypted with a per-store key. In case of emergency, just erasing the key from disk would make the whole store unusable. Overwriting 16 bytes is far easier then overwriting the whole store. I am not sure if this worth the effort, but this is the reason behind it. > Cheers, > Michael