Robert Snively wrote: > [...] > A shared media can potentially be accessed by multiple agents, thereby > raising the possibility that an attacker can get access to the encrypted > storage. The cryptographic transform must therefore provide protection > against ciphertext manipulation by an attacker. > > RNS: Is the intent to simply prevent an attacker from > gaining useful access to the storage? I suppose > that also includes the possibility that multiple > agents (whatever those are) can access and modify the > data if authorized. However, the second > sentence concerns me a bit, because an obvious form > of manipulation involves writing over the ciphertext, > something that the encryption does nothing at all to > prevent. That may be almost as devastating as writing > properly encrypted but unauthorized data. > > The second sentence might better be deleted.
I do not understand the concern here. When an attacker has access to your storage, you must assume that it can delete it. Cryptography will not help you there. It might help you, however, in ensuring that it cannot modify the storage without being detected. LRW does achieve that to some extent, and the "second sentence" refers to that. You may argue that it would be more accurate if it says "some protection" rather than "protection", but I do not see any reason to delete it. -- Shai
