mirrors/git-annex
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

comment

Browse source
This commit is contained in:
Joey Hess 2023-01-02 15:08:24 -04:00
parent 599758e0d3
commit c326e5100f
No known key found for this signature in database
GPG key ID: DB12DB0FF05F8F38
1 changed files with 14 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

14
doc/todo/encrypted_keys_in_git_repository/comment_4_e88664a0939b7bca730a61efb47d34ab._comment Normal file
View file

@ -0,0 +1,14 @@
[[!comment format=mdwn
username="joey"
subject="""comment 4"""
date="2023-01-02T19:03:34Z"
content="""
I'm talking about a single file that the attacker already knows the content
of, and wishes to determine if it's present in the repository. That takes a
single scrypt operation, so scrypt's added difficulty is not relevant.
If the attacker doesn't know the file content, and is trying to hash random
values until they find one that matches the git-annex key, then a sha2 is
equally good protection as scrypt, because the amount of work is
computationally infeasible in both cases.
"""]]