9fans - fans of the OS Plan 9 from Bell Labs
From: roger peppe <rogpeppe@gmail.com>
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
Subject: Re: [9fans] Sources Gone?
Date: Tue,  3 Feb 2009 13:38:00 +0000
Message-ID: <df49a7370902030538r1770660vfac8887b7e4baa48@mail.gmail.com>
In-Reply-To: <7bffd90986cd11342f8d01fbd53e84e0@quanstro.net>

in the past i've pondered, in my crypto-naive way, if it
might be possible to make venti (or at least vac) somewhat
more secure by applying some kind of crypto to the
data structures containing scores.

to my mind, the biggest security vulnerability in venti
is the ability to unconditionally enumerate an entire file tree given
its root score. if the VtPointer data structures, or the
scores within them, were encrypted somehow, maybe
that vulnerability could be mitigated. scores would still
be useful, but only in conjunction with a (salted) key.

of course, this would mean that pointer blocks would no longer
be shared between file trees, but it's my suspicion that
they don't use a significant percentage of overall storage.

this wouldn't require a change to venti itself.

but as i said, i'm naive when it comes to crypto; maybe
there's no way of doing this with any decent degree
of security or usefulness.


2009/2/3 erik quanstrom <quanstro@quanstro.net>:
>> >> I'm not sure how you'd fix this.  What if only a portion of the block
>> >> belongs to me and the other happens to be the password file?
>> >
>> > venti just stores whole blocks.
>>
>> Yes, but the content isn't guaranteed to be from a single user.  In
>> fact, venti has no clue.  Change that and it's not venti anymore.
>
> exactly.  but it's important to note that it's crypto hard to guess
> somebody else's block.  since blocks are addressed by content, you
> can't share a block with someone else unless both of you stored
> the same block.  now if you are worried about libventi blocks with
> pointers to other blocks, the same logic applies.  venti really doesn't
> care what you store.
>
> - erik
>
>
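
Added example, not part of the original message and not venti or vac code: a toy content-addressed store showing that a root score alone enumerates a plain pointer block, while a pointer block whose child scores are masked under a salted key yields nothing without that key. Assumptions: an in-memory dict stands in for the server, the tree is one pointer block deep, HMAC-SHA256 serves as the keystream in place of a real cipher, and every function name here is hypothetical.

```python
import hashlib, hmac, os

SCORE = 20                      # venti scores are SHA-1 digests (20 bytes)
store = {}                      # toy stand-in for a venti server

def put(block: bytes) -> bytes:
    """Store a block under its content hash and return the score."""
    score = hashlib.sha1(block).digest()
    store[score] = block
    return score

def mask(key: bytes, nonce: bytes, slot: int) -> bytes:
    # HMAC-SHA256 used as a PRF: one 20-byte pad per (nonce, slot) pair.
    msg = nonce + slot.to_bytes(4, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()[:SCORE]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def put_pointer(children, key=None) -> bytes:
    if key is None:             # plain layout: child scores in the clear
        return put(b"".join(children))
    nonce = os.urandom(16)      # per-block salt, stored unencrypted
    body = b"".join(xor(c, mask(key, nonce, i)) for i, c in enumerate(children))
    return put(nonce + body)    # random nonce: pointer blocks no longer dedup

def children_of(score: bytes, key=None):
    block = store[score]
    if key is None:             # reader treats the block as a plain pointer block
        return [block[i:i + SCORE] for i in range(0, len(block), SCORE)]
    nonce, body = block[:16], block[16:]
    return [xor(body[i:i + SCORE], mask(key, nonce, i // SCORE))
            for i in range(0, len(body), SCORE)]

def reachable(root: bytes, key=None) -> int:
    """Count child blocks that can actually be fetched starting from root."""
    return sum(1 for c in children_of(root, key) if c in store)

def demo():
    data = [put(b"file block %d" % n) for n in range(4)]  # constructed sample blocks
    key = os.urandom(32)
    plain_root = put_pointer(data)
    sealed_root = put_pointer(data, key)
    return (reachable(plain_root),                    # root score alone suffices
            reachable(sealed_root),                   # root score, no key
            reachable(sealed_root, key),              # root score plus key
            reachable(sealed_root, os.urandom(32)))   # root score, wrong key

if __name__ == "__main__":
    print(demo())
```

The data blocks keep their ordinary scores, so they still deduplicate across trees; only the pointer block differs per writer, which is the storage cost the message anticipates.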


