
Re: Remailer passphrases




Bill Frantz writes:
> One of the reasons classical (government) crypto users change keys
> frequently is to minimize the amount of data compromised by a broken key. 
> We keep hearing about NSA decrypting 20 year old cyphertext and showing
> more of the workings of the atomic spy rings operating in the 40s and 50s. 
> If an opponent can rubber hose the key, her job is easy.  If she has to
> perform cryptoanalysis, it is much harder.  Remailers should regularly
> change their keys to avoid compromising previously recorded traffic.  (They
> can have a long lived key for signing their traffic keys.)

Signed Diffie-Hellman key exchanges have the property known as
"Perfect Forward Secrecy". Even if the opponent gets your public keys
it still will not decrypt any traffic for him at all -- it just lets
him pretend to be you. That's one reason why protocols like Photuris
and Oakley use the technique.

Perry
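
The signed exchange discussed in this thread, as an added example that is not part of the original post or of Photuris or Oakley: a long-lived key only signs fresh Diffie-Hellman shares, and each traffic key is derived from ephemeral secrets that are discarded. The 127-bit toy group, the Schnorr signature and all function names are assumptions chosen so it runs on the Python standard library alone.

```python
import hashlib
import secrets

# Toy parameters (assumption, not from the post): a 127-bit Mersenne prime
# is far too small for real use; it keeps the example standard-library only.
P = 2**127 - 1
G = 3
ORDER = P - 1  # exponents are reduced modulo the group order

def _h(*parts: int) -> int:
    data = b"".join(x.to_bytes(16, "big") for x in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def keygen():
    """Return (secret, public) for either a signing key or a DH share."""
    x = secrets.randbelow(ORDER - 2) + 1
    return x, pow(G, x, P)

def sign(long_term_secret: int, msg: int):
    """Schnorr signature over msg (here: an ephemeral DH public value)."""
    k = secrets.randbelow(ORDER - 2) + 1
    r = pow(G, k, P)
    e = _h(r, msg) % ORDER
    return r, (k + long_term_secret * e) % ORDER

def verify(long_term_public: int, msg: int, sig) -> bool:
    r, s = sig
    e = _h(r, msg) % ORDER
    return pow(G, s, P) == (r * pow(long_term_public, e, P)) % P

def session_key(my_eph_secret, peer_eph_public, peer_sig, peer_long_term_public):
    """Derive the traffic key; the long-term key only authenticates the share."""
    if not verify(peer_long_term_public, peer_eph_public, peer_sig):
        raise ValueError("ephemeral share not signed by the expected long-term key")
    shared = pow(peer_eph_public, my_eph_secret, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def run_session(alice_lt, bob_lt):
    """One exchange between two (secret, public) long-term key pairs."""
    (a_sk, a_pk), (b_sk, b_pk) = alice_lt, bob_lt
    a_x, a_gx = keygen()  # fresh ephemeral secrets, never stored
    b_y, b_gy = keygen()
    k_a = session_key(a_x, b_gy, sign(b_sk, b_gy), b_pk)
    k_b = session_key(b_y, a_gx, sign(a_sk, a_gx), a_pk)
    return k_a, k_b  # a_x and b_y go out of scope here
```

The long-term secrets never enter `session_key`, so a party holding them afterwards can sign new shares but has no input from which to recompute a recorded session's key.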