Closed jcnelson closed 10 years ago
On that note, the block hash should be calculated with an initialization vector to prevent known-plaintext attacks on our upcoming cryptosystem.
Embedded the block hashes into the manifest. Continue to use block version numbers, since doing so hides the block hashes from the CDN if the manifest is encrypted.
Instead of storing a version number for each block in the manifest, store a cryptographic hash of the block, and use it to identify that version of the block's contents.
On update, the UG should send the cryptographic hash of all of the blocks' hashes to the MS.
On open, the UG should fetch the manifest and verify the integrity of its blocks' hashes against the MS's hash.
On read, the UG should use the manifest's given cryptographic hash to verify a block's integrity.