[OTR-dev] OMEMO, PFS

Greg Troxel gdt at ir.bbn.com
Fri Nov 13 18:53:51 EST 2015


Thijs Alkemade <me at thijsalkema.de> writes:

> Suppose Bob's ephemeral keys are compromised by an attacker at a specific
> time, then the attacker can decrypt all messages from Alice since the last
> time Bob sent Alice a message before the compromise, up to (and including? I'm
> not clear on that) the first time Bob sent a message after the compromise.
> Once Bob sends a new message, the key material changes and the ephemeral key
> becomes useless.

Thanks. That makes perfect sense. So you have PFS that has issues in
time, but reset once you ratchet forward -- and actually erase the
previous cases from all places in which they were persisted.
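The exposure window described in the quoted paragraph, and the point about erasing old keys, can be walked through with a toy model. This is an added example, not code from the thread or from any OMEMO implementation; the group, the keystream cipher, the rotate-on-every-send rule and the message timeline (a1..a5, b1, b2) are all constructed for illustration.

```python
"""Toy DH ratchet for the exposure window described above (constructed example,
not OMEMO code; a 127-bit toy group and SHA-256 keystream stand in for X25519/AES)."""
import hashlib, hmac, secrets

P, G = 2**127 - 1, 3              # toy Mersenne-prime group, demo only

def keygen():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def msg_key(shared, sender_pub, receiver_pub):
    # Bind each message key to the two ephemeral public keys in the header.
    info = b"%d|%d" % (sender_pub, receiver_pub)
    return hmac.new(shared.to_bytes(16, "big"), info, hashlib.sha256).digest()

def toy_xor(key, data):           # one keystream block; encrypt == decrypt
    assert len(data) <= 32
    return bytes(a ^ b for a, b in zip(data, hashlib.sha256(key).digest()))

class Party:
    def __init__(self, erase_old_keys=True):
        self.erase, self.peer_pub, self.old_privs = erase_old_keys, None, []
        self.priv, self.pub = keygen()

    def send(self, peer, text):
        # Each send ratchets to a fresh ephemeral key pair. A careful client
        # erases the old private key; a careless one leaves it in storage.
        if not self.erase:
            self.old_privs.append(self.priv)
        self.priv, self.pub = keygen()
        shared = pow(self.peer_pub, self.priv, P)
        ct = toy_xor(msg_key(shared, self.pub, self.peer_pub), text.encode())
        peer.peer_pub = self.pub  # the header delivers the new public key
        return (self.pub, self.peer_pub, ct)  # sender key, recipient key, body

def attacker_reads(stolen_privs, transcript):
    # Inbound direction only (the case in the thread): stolen recipient keys.
    by_pub, out = {pow(G, k, P): k for k in stolen_privs}, []
    for sender_pub, rcpt_pub, ct in transcript:
        if rcpt_pub in by_pub:
            shared = pow(sender_pub, by_pub[rcpt_pub], P)
            out.append(toy_xor(msg_key(shared, sender_pub, rcpt_pub), ct).decode())
    return out

def run_scenario(erase_old_keys=True):
    alice, bob = Party(), Party(erase_old_keys)
    alice.peer_pub, bob.peer_pub = bob.pub, alice.pub  # initial key exchange
    t = [alice.send(bob, "a1"), bob.send(alice, "b1"), alice.send(bob, "a2"), alice.send(bob, "a3")]
    stolen = [bob.priv] + bob.old_privs  # Bob's ephemeral state leaks here
    t += [alice.send(bob, "a4"), bob.send(alice, "b2"), alice.send(bob, "a5")]
    return attacker_reads(stolen, t)
```

With erasure, the compromise recovers only a2, a3 and a4: Alice's messages between Bob's last send before the leak (b1) and his first send after it (b2). If Bob's client keeps old private keys around, a1 falls to the same compromise as well.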