[mnet-devel] Re: [web-calculus] YURLs
Zooko
zooko at zooko.com
Sun Jul 20 21:25:39 BST 2003
[Following-up to my own e-mail letter to correct an error.]
I, Zooko, wrote:
>
> If it matches its hash but the encryption key is wrong, then user sees random
> garbage -- whatever the ciphertext decrypts to under the incorrect key.
>
> Hm -- *that* isn't good. In a future version of Mnet, an incorrect key will
> also yield nothing but an error message.
>
> (I can't think of any scenarios in which the current behavior could be
> exploited, but it still seems sub-optimal.)
Actually, I was wrong about this. I'm pretty sure that you can't find an
alternate symmetric key (other than the one actually used to encrypt) which
will yield anything other than an error message.
I (obviously!) haven't thought a lot about that issue in the design, and
I doubt that Myers thought about it when he implemented it.
Here is the design doc, which is short and sweet and informal for your reading
enjoyment:
http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/*checkout*/mnet/mnet_new/doc/new_filesystem.html
Regards,
Zooko
-------------------------------------------------------
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single machine.
WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the
same time. Free trial click here: http://www.vmware.com/wl/offer/345/0
_______________________________________________
mnet-devel mailing list
mnet-devel at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mnet-devel
More information about the Mnet-devel
mailing list