[mnet-devel] Re: [web-calculus] YURLs
Zooko
zooko at zooko.com
Mon Jul 21 00:22:28 BST 2003
[Removing Cc:'s except Trevor Perrin and mnet-devel.]
Trevor Perrin wrote:
>
> it looks like a bad symmetric key will cause the inode to decrypt
> improperly, so the code that parses the inode will probably complain that
> it's gibberish.
I agree. This is doubly true for inodes which contain blockIds -- for the
file to finish reconstruction would require that the inode decrypt into
something containing real blockIds that map to real blocks!
> It might be better to catch this error before parsing - if
> the inodeId was an HMAC-SHA1 of the encrypted inode and the encryption key,
> I think that would work.
Hm. The problem with that is that servers store the encrypted inode block,
indexed by the inodeId (== SHA1(encryptedinode)), and the servers are not
allowed to know the encryption key.
Therefore, we need the mapping between encryptedinode and inodeId to be
verifiable without knowledge of the key (so that servers can verify the
validity of blockId->block mappings for the blocks they store).
I agree that it would be better to explicitly include some information to
double-check the encryption key. Then I could say "If the file reconstructs
without an error, then either the result is the original file or an attacker
has found a collision in SHA1.".
As it is, I can only say "If the file reconstructs without an error, then
either the result is the original file, or an attacker has found a collision
in SHA1, or an attacker has found an AES key which decrypts this ciphertext
into some plaintext which has at least 64 bits of his choosing.".
I really don't know how plausible that last threat (the funny AES key) is.
So here is a proposal -- the last 20 bytes of the inode are the HMAC of the
rest of the inode with the symmetric key. This is the simplest solution
I can think of which preserves our requirements for mnet URIs and which allows
us once again to say "Either the resulting file is the original file or an
attacker has found a collision in SHA1.".
Regards,
Zooko
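The two checks in the thread, modelled in Python as an added example (this is not mnet's code and not code from either participant): a server verifies the inodeId -> encryptedinode mapping as SHA1(encryptedinode) with no key, and a client that decrypts the inode checks the trailing 20-byte HMAC-SHA1 of the rest of the inode under the symmetric key before any parsing happens. The cipher is an assumption: a SHA1-keystream XOR stands in for AES so the example runs on the standard library alone; it is not secure and exists only to make a wrong key produce unrelated plaintext, which is the case the HMAC is meant to catch. The function names, the sample key and the sample inode body are all constructed for the example.

```python
import hashlib
import hmac
import struct

TAG_LEN = 20  # HMAC-SHA1 output: the "last 20 bytes of the inode" in the proposal


class KeyCheckError(Exception):
    """The inode decrypted but the trailing HMAC did not verify under this key."""


def _keystream_cipher(key: bytes, data: bytes) -> bytes:
    """Stand-in for AES (assumption, not mnet's cipher): XOR with a
    SHA1(key || counter) keystream so the example needs only the stdlib.
    Symmetric, so one call both encrypts and decrypts. Not secure."""
    out = bytearray()
    for offset in range(0, len(data), 20):
        pad = hashlib.sha1(key + struct.pack(">I", offset // 20)).digest()
        chunk = data[offset:offset + 20]
        out.extend(a ^ b for a, b in zip(chunk, pad))
    return bytes(out)


def seal_inode(inode_body: bytes, key: bytes):
    """Client side: append HMAC-SHA1(key, body) as the last 20 bytes, encrypt
    the whole thing, and derive inodeId = SHA1(encryptedinode).
    Returns (inode_id, encrypted_inode)."""
    tag = hmac.new(key, inode_body, hashlib.sha1).digest()
    encrypted = _keystream_cipher(key, inode_body + tag)
    inode_id = hashlib.sha1(encrypted).digest()
    return inode_id, encrypted


def server_verify(inode_id: bytes, encrypted: bytes) -> bool:
    """Server side: the inodeId -> block mapping is checkable without the key."""
    return hmac.compare_digest(hashlib.sha1(encrypted).digest(), inode_id)


def open_inode(inode_id: bytes, encrypted: bytes, key: bytes) -> bytes:
    """Client side: check the keyless mapping first, then decrypt and verify
    the key-check tag before handing the body to the inode parser."""
    if not server_verify(inode_id, encrypted):
        raise ValueError("inodeId does not match SHA1 of the encrypted inode")
    plain = _keystream_cipher(key, encrypted)
    if len(plain) < TAG_LEN:
        raise KeyCheckError("inode too short to carry a key-check tag")
    body, tag = plain[:-TAG_LEN], plain[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha1).digest()
    if not hmac.compare_digest(tag, expected):
        raise KeyCheckError("wrong symmetric key (or corrupted inode)")
    return body


def rejects_wrong_key(inode_id: bytes, encrypted: bytes, wrong_key: bytes) -> bool:
    """True when a bad key is caught by the HMAC rather than reaching the parser."""
    try:
        open_inode(inode_id, encrypted, wrong_key)
    except KeyCheckError:
        return True
    return False


def demo() -> str:
    key = b"K" * 16                                      # constructed sample key
    body = b"blockIds: " + b"\x01" * 20 + b"\x02" * 20   # constructed inode body
    inode_id, enc = seal_inode(body, key)
    assert server_verify(inode_id, enc)                  # server: no key needed
    assert open_inode(inode_id, enc, key) == body        # client: right key
    if rejects_wrong_key(inode_id, enc, b"X" * 16):
        return "wrong key rejected before parsing"
    return "wrong key NOT detected"


if __name__ == "__main__":
    print(demo())
```

With the tag in place, a wrong key fails at the HMAC check instead of surfacing later as unparseable gibberish or, worse, as a plausible-looking inode, and the server-side check stays key-free because it only hashes the ciphertext.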