Colin Percival et al: new "chunking attacks" paper

Yesterday, Colin Percival, Boris Alexeev and Yan X Zhang published a paper entitled “Chunking attacks on Tarsnap (and others)”. Those “others” specifically include restic.

I am nowhere near qualified to comment on it, but generally speaking I trust Percival’s judgment on such matters (no offense implied or meant to the other authors - I’m just not familiar with them). So, I wanted to make sure it was brought to the attention of the restic devs and more broadly the restic community.

Has there been any discussion on this? Any plans of how (if?) to deal with it? Or so forth? A brief search on these forums didn’t reveal anything to me.

EDIT: Whoops, forgot to give links:

Percival’s announcement: Chunking attacks on Tarsnap (and others)

The paper (PDF): https://www.daemonology.net/blog/chunking-attacks.pdf

1 Like

The main discussion will be on Github: Attack on content-defined chunking algorithm used by restic · Issue #5291 · restic/restic · GitHub . I’ll take a look tomorrow.

2 Likes