Hacker News new | past | comments | ask | show | jobs | submit login

Because if the data is encrypted as suggested here, then the hashes wouldn't match and the content won't be de-duplicated.



Data encryption can be decoupled from key encryption. Let's say I hash the content of a file, encrypt the file with its own hash, and then encrypt the hash with the user's password.

This way you can have deduplication of data, and only an attacker that knows the content of the file can decrypt the file, but since they already have the file, it does not matter.


Convergent encryption without a user specific key has two weaknesses:

1. You can tell that the user posses a known file. Such as a pirated movie. This is what this thread is about.

2. If the attacker knows the file except a sufficiently small secret part, they can learn that part.

https://tahoe-lafs.readthedocs.io/en/latest/convergence-secr...




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: