Closed MeanMangosteen closed 5 years ago
What is the AD used for here? Provide further integrity?
From what I understand, it to provide integrity to information that is not part of the cipher text but still bound to the ciphertext. This would be plaintext stuff like salts, IVs, version numbers, config params in the header etc...
If an attacker were to manipulation them, the system will not be ignorant to the changes, as it will not be able to authenticate the manipulated data.
What are we using this for? #11 or #8?
So to conclude, the AD is useful for maintaining the integrity of chunk-level metadata. However #11 and #8 is about file level metadata where we are going to maintain both the plaintext metadata and encrypted-fs metadata. So this is not needed right now. When we have relevant chunk-level metadata, we can revisit this.
https://github.com/MatrixAI/js-polykey/issues/14#issuecomment-457084648
We have to decide what sort data would be most appropriate to use as AD. Or whether to use AD at all. It is optional.