[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Remailer passphrases

To: Bill Stewart <[email protected]>
Subject: Re: Remailer passphrases
From: "Perry E. Metzger" <[email protected]>
Date: Wed, 13 Mar 1996 11:56:50 -0500
Cc: [email protected]
In-Reply-To: Your message of "Tue, 12 Mar 1996 23:37:47 PST." <[email protected]>
Reply-To: [email protected]
Sender: [email protected]

Bill Stewart writes:
> [email protected] replied
> >Signed Diffie-Hellman key exchanges have the property known as
> >"Perfect Forward Secrecy". Even if the opponent gets your public keys
> >it still will not decrypt any traffic for him at all -- it just lets
> >him pretend to be you. Thats one reason why protocols like Photuris
> >and Oakley use the technique.
> 
> DH key exchange is really only Exponentially Good Forward Secrecy,
> and in its primary use (exchanging keys for symmetric-key algorithms)
> the system is at best Good Enough Forward Secrecy.

No, signed D-H like STS is in fact perfect forward secrecy in the
sense that breaking the RSA keys gives you no information about the
session keys, and breaking one of the D-H exchanges does not (in
theory) give you any information about any of the others.

Perry

References:
- Re: Remailer passphrases
  - From: Bill Stewart <[email protected]>

Prev by Date: Re: Why escrow? (was Re: How would Leahy bill affect crypto
Next by Date: Re: PGP reveals the key ID of the recipient of encrypted msg
Prev by thread: Re: Remailer passphrases
Next by thread: Re: Remailer passphrases
Index(es):
- Date
- Thread