id summary reporter owner description type status priority milestone component version resolution keywords cc launchpad_bug 1164 use ChaCha⊕AES encryption zooko somebody "meaningless change to trigger the mysterious ""everything has changed"" diff, that happens the first time you change an old ticket. In order to protect against weaknesses in AES (such as timing or side-channel attacks, or cryptanalysis, possibly far in the future and applied against old ciphertexts), want to use a combined encryption of AES-128 and XSalsa20. Yu Xue (Student) and Jack Lloyd (Mentor) are working on implementing that mode for GSoC 2010: [//trac/pycryptopp/ticket/46 https://tahoe-lafs.org/trac/pycryptopp/ticket/46] This ticket is to integrate that encryption mode into Tahoe-LAFS. The steps are to define new capability versions, such as by inserting an {{{X}}} into the cap type designator: [//pipermail/tahoe-dev/2010-August/004878.html https://tahoe-lafs.org/pipermail/tahoe-dev/2010-August/004878.html] [//pipermail/tahoe-dev/2010-August/004879.html https://tahoe-lafs.org/pipermail/tahoe-dev/2010-August/004879.html] And to make it so that caps of that new type get encrypted/decrypted with XSalsa20+AES-128 instead of with AES-256. For the first release of Tahoe-LAFS which includes that functionality, it will still by default create new caps using the old encryption of only AES-256. It is important that people feel free to upgrade to new versions of Tahoe-LAFS without having to take any steps to ensure backward-compatibility, and that means that the new version of Tahoe-LAFS ''must not'', by default, produce caps that older versions of Tahoe-LAFS (such as v1.8.0) can't read. [//pipermail/tahoe-dev/2010-August/004936.html This tahoe-dev letter] lists all the places where the current source code (which is Tahoe-LAFS v1.8.0c1) uses encryption: * [source:src/allmydata/dirnode.py@4539#L174] * [source:src/allmydata/dirnode.py@4539#L293] * [source:src/allmydata/immutable/filenode.py@4661#L166] * [source:src/allmydata/immutable/upload.py@4655#L619] * [source:src/allmydata/immutable/upload.py@4655#L728] * [source:src/allmydata/mutable/filenode.py@4329#L131] * [source:src/allmydata/mutable/filenode.py@4329#L136] * [source:src/allmydata/mutable/publish.py@4329#L400] * [source:src/allmydata/mutable/retrieve.py@4329#L518] * [source:src/allmydata/util/fileutil.py@4609#L118] This is inspired by [wiki:OneHundredYearCryptography The One-Hundred-Year Cryptography Project]." enhancement new major 1.12.0 code 1.8β confidentiality dragonxue jack.lloyd randombit