9fans - fans of the OS Plan 9 from Bell Labs
From: erik quanstrom <quanstro@quanstro.net>
To: 9fans@9fans.net
Subject: Re: [9fans] Sources Gone?
Date: Tue,  3 Feb 2009 09:01:03 -0500
Message-ID: <f87bb981ef60f4b40f537f3ab25ac23a@quanstro.net>
In-Reply-To: <df49a7370902030538r1770660vfac8887b7e4baa48@mail.gmail.com>

> to my mind, the biggest security vulnerability in venti
> is the ability to unconditionally enumerate an entire file tree given
> its root score. if the VtPointer data structures, or the
> scores within them, were encrypted somehow, maybe
> that vulnerability could be mitigated. scores would still
> be useful, but only in conjunction with a (salted) key.

i'm not sure i understand.  either you have the key (score)
and you can decrypt the whole cyphertext (read the file tree
below), or you don't.  assuming of course that scores are too
hard to guess.  so the solution is: don't give out the root score.

(ot: you could think of a venti tree as a keyring, but that's
just nutty.)

> of course, this would mean that pointer blocks would no longer
> be shared between file trees, but it's my suspicion that
> they don't use a significant percentage of overall storage.

is there any other way to end up with the same pointer block
than starting with the same data?  conversely if either
data anywhere "below" (forgive the imprecision), pointer
blocks will change all the way up to the root and the root
will not be shared.  i don't see how information could leak,
either.

am i missing something?

- erik
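
The following is an added example, not part of the message above and not venti's own code. It is a toy content-addressed store, assuming SHA-1 scores and made-up sizes (4-byte data blocks, 2 scores per pointer block; `Store`, `write_tree`, `walk` and `scores` are hypothetical names). It shows the two properties under discussion: a root score plus depth is enough to enumerate the whole tree, and a pointer block is shared between two trees only when everything below it is identical.

```python
import hashlib

BLOCK, FANOUT, SCORE_LEN = 4, 2, 20   # toy sizes; 20 bytes = SHA-1 digest

class Store:
    """Toy content-addressed store: a block's score is the SHA-1 of its bytes."""
    def __init__(self):
        self.blocks = {}

    def put(self, data: bytes) -> bytes:
        score = hashlib.sha1(data).digest()
        self.blocks[score] = data          # identical blocks coalesce here
        return score

def write_tree(store, data):
    """Store data as leaf blocks under pointer blocks; return (root score, depth)."""
    level = [store.put(data[i:i + BLOCK]) for i in range(0, max(len(data), 1), BLOCK)]
    depth = 0
    while len(level) > 1:
        # a pointer block is nothing but the concatenated scores of its children
        level = [store.put(b"".join(level[i:i + FANOUT]))
                 for i in range(0, len(level), FANOUT)]
        depth += 1
    return level[0], depth

def walk(store, score, depth):
    """Yield (depth, score) for every block under a root; needs only score + depth."""
    yield depth, score
    if depth > 0:
        ptr = store.blocks[score]
        for i in range(0, len(ptr), SCORE_LEN):
            yield from walk(store, ptr[i:i + SCORE_LEN], depth - 1)

def scores(store, root, depth, pointers_only=False):
    """Set of scores reachable from a root, optionally pointer blocks only."""
    return {s for d, s in walk(store, root, depth) if d > 0 or not pointers_only}

def demo():
    store = Store()
    a = write_tree(store, b"AAAABBBBCCCCDDDD")   # constructed sample data
    b = write_tree(store, b"AAAABBBBCCCCXXXX")   # same, last leaf changed
    shared_ptrs = scores(store, *a, pointers_only=True) & scores(store, *b, pointers_only=True)
    return {"same_root": a[0] == b[0], "reachable_from_a": len(scores(store, *a)),
            "shared_pointer_blocks": len(shared_ptrs),
            "shared_blocks": len(scores(store, *a) & scores(store, *b))}

if __name__ == "__main__":
    print(demo())
```

Changing one leaf replaces its parent pointer block and the root, while the untouched subtree (two leaves and their pointer block) stays shared.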


