[p2p-hackers] convergent encryption reconsidered
Leichter, Jerry
leichter_jerrold at emc.com
Sun Mar 30 15:12:01 EDT 2008
| > They extended the confirmation-of-a-file attack into the
| > learn-partial-information attack. In this new attack, the
| > attacker learns some information from the file. This is done by
| > trying possible values for unknown parts of a file and then
| > checking whether the result matches the observed ciphertext.
|
| How is this conceptually different from classic dictionary attacks,
| and why does e.g. running the file through PBKDF2 and using the result
| for convergence not address your concern(s)?
How would that help?
Both the ability of convergent encryption to eliminate duplicates,
and this attack, depend on there being a deterministic algorithm
that computes a key from the file contents. Sure, if you use a
different salt for each file, the attack goes away - but so does
the de-duplication. If you don't care about de-duplication, there
are simpler, cheaper ways to choose a key.
-- Jerry
| --
| Ivan Krstić <krstic at solarsail.hcs.harvard.edu> | http://radian.org
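Added example, not part of the original message: a Python sketch of the trade-off described in the reply, where PBKDF2 under one shared salt keeps both de-duplication and guess confirmation, and a per-file salt removes both. The salt values, the sample document, the iteration count, the assumption that the per-file salt stays private to the uploader, and the SHA-256 keystream standing in for a real cipher are all assumptions made for the illustration.

```python
import hashlib
import os

ITERATIONS = 1000                  # kept low so the demo runs quickly (assumption)
SYSTEM_SALT = b"one-salt-for-all"  # constructed: the shared, public salt

def derive_key(content: bytes, salt: bytes) -> bytes:
    # The key is a deterministic function of (content, salt), as in the thread.
    return hashlib.pbkdf2_hmac("sha256", content, salt, ITERATIONS)

def encrypt(key: bytes, content: bytes) -> bytes:
    # Deterministic stand-in cipher: SHA-256 counter keystream XORed in.
    # Illustration only; a real system would use a vetted cipher.
    out = bytearray()
    for off in range(0, len(content), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out += bytes(c ^ p for c, p in zip(content[off:off + 32], pad))
    return bytes(out)

def convergent_store(content: bytes) -> bytes:
    # Same content always yields the same ciphertext, so duplicates collapse.
    return encrypt(derive_key(content, SYSTEM_SALT), content)

def salted_store(content: bytes) -> bytes:
    # Fresh salt per file, assumed to stay private to the uploader.
    return encrypt(derive_key(content, os.urandom(16)), content)

def confirmed_fillings(observed: bytes, template: bytes, candidates):
    # What an observer holding only public data (the shared salt) can confirm.
    return [c for c in candidates if convergent_store(template % c) == observed]

# Constructed sample: a form letter with one low-entropy field.
TEMPLATE = b"Dear customer, your account PIN is %s. Keep it safe.\n"
DOCUMENT = TEMPLATE % b"4821"
CANDIDATES = [b"0000", b"1234", b"4821", b"9999"]

if __name__ == "__main__":
    shared = convergent_store(DOCUMENT)
    private = salted_store(DOCUMENT)
    print("dedup, shared salt:  ", shared == convergent_store(DOCUMENT))
    print("dedup, per-file salt:", private == salted_store(DOCUMENT))
    print("confirmed, shared:   ", confirmed_fillings(shared, TEMPLATE, CANDIDATES))
    print("confirmed, per-file: ", confirmed_fillings(private, TEMPLATE, CANDIDATES))
```

Raising the PBKDF2 iteration count makes each guess slower but leaves the derivation deterministic, which is why the low-entropy field stays confirmable under the shared salt.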