[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Apso-devel] Hiding revision IDs

From: Ulf Ochsenfahrt
Subject: Re: [Apso-devel] Hiding revision IDs
Date: Thu, 26 Oct 2006 13:10:34 +0200
User-agent: Thunderbird (X11/20060927)

Jeronimo Pellegrini wrote:
This was brought up by Ulf Ochsenfahrt on Monotone-devel.

Currently, Apso stores encrypted deltas in files whose name
is the revision ID.

Suppose you're working on project MyBSD, which is a modified version
of the FreeBSD kernel. Then one day you resync with the FreeBSD
tree. This delta from the BSD tree is well-known, and it would
show to an attacker that you are working on a fork of FreeBSD.

Maybe there is a way to not give away the revision ID like that?

We could use random strings to identify encrypted deltas, and then
we'd need to keep an ancestry map of these IDs, and a mapping from
them onto real revision hashes.

I've also thought about this. Maybe there is a better way to do this. I don't know the internal data structure, so I'll just give it a shot. Correct me if I'm making any incorrect assumptions.

The revision id is a SHA1 checksum, so you can't tell anything just from the number. However, there is the manifest, and the manifest correlates the revision id to the revision contents. Now if you'd encrypt the manifest, that would help with reducing the amount of 'leaked' information. However, that means you can't sync anymore, because sync needs to know what is contained in the revision. Now, you could split the manifest. One part contains the relationship between filenames and file contents, and is encrypted. And the other contains just a list of content ids. When syncing, you don't really need to know what the filename is, you just need to figure out which (binary) blobs to transfer.

This doesn't save against a correlation attack. Someone can look at one revision and see the content ids there and look at another and see those there. If a lot of ids are identical (a lot of unchanged files, which is not unusual), then the attacker can infer that there must be a relationship between those revisions. So when he can see the database, he might be able to infer the revision graph.


-- Ulf

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]