[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Remailer passphrases
Bill Stewart writes:
> [email protected] replied
> >Signed Diffie-Hellman key exchanges have the property known as
> >"Perfect Forward Secrecy". Even if the opponent gets your public keys
> >it still will not decrypt any traffic for him at all -- it just lets
> >him pretend to be you. Thats one reason why protocols like Photuris
> >and Oakley use the technique.
>
> DH key exchange is really only Exponentially Good Forward Secrecy,
> and in its primary use (exchanging keys for symmetric-key algorithms)
> the system is at best Good Enough Forward Secrecy.
No, signed D-H like STS is in fact perfect forward secrecy in the
sense that breaking the RSA keys gives you no information about the
session keys, and breaking one of the D-H exchanges does not (in
theory) give you any information about any of the others.
Perry