[145070] in cryptography@c2.net mail archive


Re: hedging our bets -- in case SHA-256 turns out to be insecure

daemon@ATHENA.MIT.EDU (David-Sarah Hopwood)
Mon Nov 16 12:19:05 2009

Date: Thu, 12 Nov 2009 00:03:44 +0000
From: David-Sarah Hopwood <david-sarah@jacaranda.org>
To: cryptography@metzdowd.com
In-Reply-To: <c5528eee0911101803s35117fa3q63715cb6f3f86bbf@mail.gmail.com>


Sandy Harris wrote:
> On 11/8/09, Zooko Wilcox-O'Hearn <zooko@zooko.com> wrote:
>
>>  Therefore I've been thinking about how to make Tahoe-LAFS robust against
>> the possibility that SHA-256 will turn out to be insecure.
[...]
> Since you are encrypting the files anyway, I wonder if you could
> use one of the modes developed for IPsec where a single pass
> with a block cipher gives both encrypted text and a hash-like
> authentication output.  That gives you a "free" value to use as
> H3 in my scheme or H2 in yours, and its security depends on
> the block cipher, not on any hash.

Tahoe is intended to provide resistance to collision attacks by the
creator of an immutable file: the creator should not be able to generate
files with different contents, that can be read and verified by the same
read capability.

An authenticated encryption mode won't provide that -- unless, perhaps,
it relies on a collision-resistant hash.

-- 
David-Sarah Hopwood  ⚥  http://davidsarah.livejournal.com


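Added example, not from the thread and not Tahoe-LAFS code: a toy single-pass authentication tag in the style of the polynomial MACs inside the IPsec AEAD modes (GHASH/Poly1305-like, here over the prime field GF(2^127-1)), to make concrete why such a tag cannot give the collision resistance Hopwood describes Tahoe needing against the file's creator. The creator holds the key, so they can compute a second file carrying the same tag, and a reader holding the same key accepts both; a SHA-256 digest of the contents tells the two apart. The field, the key derivation (SHA-256 standing in for the block cipher's key schedule), the sample key and the file contents are all constructed for this illustration.

```python
from __future__ import annotations

import hashlib

# Toy single-pass authentication tag in the GHASH/Poly1305 family, over the
# prime field GF(p) with p = 2**127 - 1 (a Mersenne prime, so every nonzero
# element is invertible). Constructed for illustration; not a real AEAD mode.
P = (1 << 127) - 1
BLOCK = 16  # bytes per block; every field element (< 2**127) fits in 16 bytes

# Constructed sample key and file contents (48 bytes = three blocks).
KEY = bytes(range(32))
ORIGINAL = b"quarterly report, final version." + b"total: 1,250,000"


def derive_subkeys(key: bytes) -> tuple[int, int]:
    """Turn the key into the evaluation point H and the tag mask S.
    SHA-256 stands in for the block cipher's key schedule here; it is not what
    provides integrity, it only expands the key into two field elements."""
    h = int.from_bytes(hashlib.sha256(b"H|" + key).digest(), "big") % P
    s = int.from_bytes(hashlib.sha256(b"S|" + key).digest(), "big") % P
    return (h or 1), s


def bytes_to_blocks(data: bytes) -> list[int]:
    """Split data into 16-byte big-endian blocks, zero-padding the last one.
    Each block must be a valid field element, i.e. strictly less than P."""
    padded = data + b"\x00" * (-len(data) % BLOCK)
    blocks = [int.from_bytes(padded[i:i + BLOCK], "big")
              for i in range(0, len(padded), BLOCK)]
    if any(b >= P for b in blocks):
        raise ValueError("block value does not fit in GF(p)")
    return blocks


def blocks_to_bytes(blocks: list[int]) -> bytes:
    return b"".join(b.to_bytes(BLOCK, "big") for b in blocks)


def poly_tag(key: bytes, data: bytes) -> int:
    """tag = S + sum_k m_k * H**(n-k)  (mod p), for blocks m_0 .. m_(n-1).
    Evaluated by Horner's rule; anyone holding the key can compute it."""
    h, s = derive_subkeys(key)
    acc = 0
    for block in bytes_to_blocks(data):
        acc = (acc + block) * h % P
    return (acc + s) % P


def verify(key: bytes, data: bytes, tag: int) -> bool:
    return poly_tag(key, data) == tag


def key_holder_collision(key: bytes, data: bytes, i: int, j: int, delta: int) -> bytes:
    """What the file's creator can do, because they hold the key.
    Changing block i by delta shifts the tag by delta * H**(n-i); changing
    block j (i < j) by -delta * H**(j-i) cancels that shift exactly, so the
    new contents carry the same tag as the old ones."""
    h, _ = derive_subkeys(key)
    blocks = bytes_to_blocks(data)
    if not 0 <= i < j < len(blocks):
        raise ValueError("need two distinct block positions, i < j")
    blocks[i] = (blocks[i] + delta) % P
    blocks[j] = (blocks[j] - delta * pow(h, j - i, P)) % P
    return blocks_to_bytes(blocks)


def demo(key: bytes = KEY, original: bytes = ORIGINAL) -> dict[str, bool]:
    tag = poly_tag(key, original)
    # The creator perturbs block 0 and compensates in block 2, which becomes
    # arbitrary bytes; a reader holding the key cannot tell which file is "the" one.
    forged = key_holder_collision(key, original, 0, 2, delta=1_000_000)
    return {
        "contents_differ": forged != original,
        "reader_accepts_both": verify(key, original, tag) and verify(key, forged, tag),
        "sha256_tells_them_apart": hashlib.sha256(forged).digest() != hashlib.sha256(original).digest(),
    }


if __name__ == "__main__":
    print(demo())
```

The compensating block ends up as arbitrary bytes, which a binary file format would not reject. Any tag that is a function of a key the verifier also holds has this property, regardless of how strong the underlying block cipher is, which is the point of the reply above: the creator-resistance Tahoe wants has to come from a collision-resistant hash, not from an authentication output.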

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
