This came up in Tahoe's use of convergent encryption which allows you do confirm some
missing information. For example, if you know someone has a PDF template of a form which
you know everything about except an SSN field, you can generate forms with all the SSNs
and look for collisions, thereby confirming their SSN.
In this case, you could perform the same attack but look for dedups.
Power management, mobile and firmware developer on Linux. Security developer at Aurora. Ex-biologist. mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer. Also on Mastodon.
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Tahoe LAFS information confirmation attack
Date: 2020-07-28 01:31 am (UTC)This came up in Tahoe's use of convergent encryption which allows you do confirm some missing information. For example, if you know someone has a PDF template of a form which you know everything about except an SSN field, you can generate forms with all the SSNs and look for collisions, thereby confirming their SSN.
In this case, you could perform the same attack but look for dedups.