cleversafe says: 3 Reasons Why Encryption is Overrated

Jerry Leichter leichter at lrw.com
Sun Jul 26 08:10:13 EDT 2009 

On Jul 26, 2009, at 12:11 AM, james hughes wrote:

>
> On Jul 24, 2009, at 9:33 PM, Zooko Wilcox-O'Hearn wrote:
>
>> [cross-posted to tahoe-dev at allmydata.org and cryptography at metzdowd.com 
>> ]
>>
>> Disclosure:  Cleversafe is to some degree a competitor of my Tahoe- 
>> LAFS project.
> ...
>> I am tempted to ignore this idea that they are pushing about  
>> encryption being overrated, because they are wrong and it is  
>> embarassing.
>
> The trick is cute, but I argue largely irrelevant. Follows is a  
> response to this web page that can probably be broadened to be a  
> criticism of any system that claims security and also claims that  
> key management of some sort is not a necessary evil....
It seems to me there's a much simpler critique.  The Cleversafe  
approach - which is not without its nice points - solves the "key  
management problem" in exactly the same way that some version of  
Windows solved the "frequent General Protection Fault crashes" problem  
(by eliminating the error message).

The "key management problem" comes down to:  I have encrypted data  
stored somewhere (where we assume attackers can access it, but not  
make use of it without the key).  To make that data meaningful, I need  
to be able to locate the key appropriate to that data.  What's a key?   
It's some private information.  In Cleversafe's approach, I have data  
stored in pieces all over the place.  To get at it, I need to know  
where the pieces of some data are.  That information has to be secret,  
since anyone who has access to it can do the same computation and  
recover the data just as I can.

Alternatively, I can rely not on the secrecy of that information, but  
on the discretion of those who hold the pieces.  OK, but I could have  
done that with a simpler technique:  Encrypt the data conventionally,  
then split the key among the trusted holders.  That's a tiny, and more  
to the point, *fixed* overhead beyond the size of the data, which will  
always beat the cleverest Reed-Solomon or erasure coding.  (It also  
has - if I use an appropriate mode - such nice features as random  
access to small parts of the data without the need to decrypt the  
whole thing first.)

Granted, Cleversafe has other nice features.  But other than changing  
"the key management problem" to "the secret information needed to get  
at the data, which won't be used as a crypto key" problem, I don't see  
how they've actually *solved* anything.

Further:  If I'm only encrypting stuff for myself, there's little  
reason to use multiple keys.  The key management problem becomes  
interesting when there is different encrypted data with different  
access rights for different groups of users.  It's beyond me how  
Cleversafe's approach makes this easier - or harder.
                                                         -- Jerry

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list