On Mon, Sep 24, 2012 at 6:59 PM, Yaverot <yave...@computermail.net> wrote:
> A key part of Tahoe is that if someone else sticks the Avengers movie that
> comes out tomorrow on my server, I have no knowledge or access to it. So
> $BigCompany can't just MD5(avengers movie) and then sue me into oblivion for
> "distributing" it. You're probably fine to back up Windows 7, but if it lands
> on my server... I don't have a Win7 license.
>
> Like I started with, I'm probably hearing the worst possible interpretation
> of what you meant to say.

This plaintext hash would be stored in a place only accessible to people who hold the read cap. Probably encrypted with the read-key in the UEB.

This means if a non-trivial convergence secret was used, no confirmation attack is possible for people who don't know that key. If no convergence secret is used, this attack will be possible, but that's already the case. So it doesn't reduce security.

-------

Currently there is one significant leak left: the exact size of the file is visible to parties without the read-cap. There won't be that many large files with a specific size, giving a good indication of what a file might be. But I'm sure the new design will have padding to reduce the effect of that leak.

So the new design should be more secure than the current one regarding confirmation attacks.

_______________________________________________
tahoe-dev mailing list
tahoe-dev@tahoe-lafs.org
https://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-dev
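
An added illustration of the convergence-secret and size-padding points in the message above (not part of the original post and not Tahoe-LAFS code): a simplified model showing when a party without the read cap can match a known file against what the server stores. The key derivation, the `storage_index` tag and the power-of-two padding are assumptions made for the example.

```python
import hashlib
import hmac


def convergent_key(plaintext: bytes, convergence_secret: bytes) -> bytes:
    """Simplified model: the encryption key is a hash of secret + plaintext.

    The secret is length-prefixed so (secret, plaintext) pairs cannot collide
    by shifting bytes between the two fields. Not Tahoe's real derivation.
    """
    prefix = len(convergence_secret).to_bytes(4, "big") + convergence_secret
    return hashlib.sha256(prefix + plaintext).digest()


def storage_index(key: bytes) -> bytes:
    """What a storage server can see: an identifier derived from the key."""
    return hashlib.sha256(b"storage-index:" + key).digest()[:16]


def matches_known_file(candidate: bytes, observed_index: bytes,
                       guessed_secret: bytes = b"") -> bool:
    """True if someone holding `candidate` can recompute the observed index."""
    recomputed = storage_index(convergent_key(candidate, guessed_secret))
    return hmac.compare_digest(recomputed, observed_index)


def padded_size(size: int) -> int:
    """Hypothetical padding: round the visible size up to a power of two."""
    return 1 if size <= 1 else 1 << (size - 1).bit_length()


# Constructed sample data standing in for a widely distributed file.
KNOWN_FILE = b"constructed sample: bytes of a widely distributed file" * 100
SECRET = b"constructed-per-user-convergence-secret"

index_without_secret = storage_index(convergent_key(KNOWN_FILE, b""))
index_with_secret = storage_index(convergent_key(KNOWN_FILE, SECRET))

if __name__ == "__main__":
    # No convergence secret: anyone with the file can confirm it is stored.
    print("no secret, confirmable:", matches_known_file(KNOWN_FILE, index_without_secret))
    # Non-trivial secret: the same check fails without knowing the secret.
    print("secret, confirmable:   ", matches_known_file(KNOWN_FILE, index_with_secret))
    # Padding makes distinct exact sizes indistinguishable to the server.
    print("padded sizes:", padded_size(700_000_001), padded_size(700_000_123))
```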