[OTR-users] Perfect Forward Security
Jason Cohen
jcohen07 at brandeis.edu
Mon Mar 28 13:59:41 EST 2005
Quoting:
The keysize of the DH only has to be large enough that you're
comfortable with the adversary having to break a DH key agreement *per
message*, since (approximately) each message you send is encrypted
with a new key, derived from a fresh DH key agreement.
If an adversary steals your private key and can break one message, don't they have all the needed information to decrypt the next message? They have the key used to encrypt the next message as well as the private "x" value. I'm probably just confused. I would appreciate it if someone could clarify this for me.
Jason
More information about the OTR-users
mailing list