[OTR-users] Perfect Forward Secrecy

Moritz 'Morty' Strübe morty at gmx.net
Mon Mar 28 15:06:37 EST 2005


Ian Goldberg wrote:

>[It's "perfect forward secrecy", not "p.f. security".]
>
>On Mon, Mar 28, 2005 at 01:59:41PM -0500, Jason Cohen wrote:
>  
>
>>Quoting:
>>
>>The keysize of the DH only has to be large enough that you're
>>  comfortable with the adversary having to break a DH key agreement *per
>>  message*, since (approximately) each message you send is encrypted
>>  with a new key, derived from a fresh DH key agreement.
>>
>>If an adversary steals your private key and can break one message,
>>don't they have all the needed information to decrypt the next
>>message? They have the key used to encrypt the next message as well as
>>the private "x" value. I'm probably just confused. I would appreciate
>>it if someone could clarify this for me.
>>    
>>
>
>No; if you break DH to find the private key associated with the public
>key used to encrypt message number 1, that doesn't give you the private
>key associated with the public key used to encrypt message number 2.
>Each message (approximately) uses a brand-new DH private/public key
>pair.  You have to break DH all over again to get that second private
>key, and so on.  Knowing the DSA private key also has no effect on this
>result.
>
>I'm not sure that was clear enough.  Let me know if there's something
>you still don't understand.
>
>   - Ian
>
Maybe I can make it a bit more clear. You have a public and a private 
key. You encrypt with the public key and decrypt with the private key. 
If you only have the pub key, you can't decode the message.
If you calculate the 1st private key (which takes lots of time) all you 
get is the 1st message and the second public key. Now you have to 
calculate the second private key (which takes a lot of time again) to 
decode the second message and get the third public key, and so on.
As you "forget" your private key as soon as you don't need it any more, 
there is no way to get it other than to calculate the private key from the 
public key, which as already mentioned takes lots of time.
Hope this makes things a bit more clear.
morty

-- 

This email is signed. If you receive an unsigned mail from me and have 
the feeling that it is not from me, that is probably the case. If your 
email client does not support signatures, an smime.p7s file will be 
shown as an attachment.
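
The point made in this thread, as an added example that is not part of the original messages and is not OTR's code: a simplified model in which each side generates a fresh DH key pair per message and forgets it afterwards. The toy group, the SHA-256 key derivation and all names are assumptions made for the illustration; OTR's real key rotation differs in detail.

```python
import hashlib
import secrets

# Toy DH group constructed for this example; far too small for real use.
P = 2**127 - 1  # a Mersenne prime
G = 3


def kdf(shared: int) -> bytes:
    """Derive a message key from a DH shared secret."""
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


class Party:
    def __init__(self):
        self.private = {}  # message number -> DH private exponent

    def new_public(self, n: int) -> int:
        self.private[n] = secrets.randbelow(P - 3) + 2  # fresh per message
        return pow(G, self.private[n], P)

    def message_key(self, n: int, peer_public: int) -> bytes:
        return kdf(pow(peer_public, self.private[n], P))

    def forget(self, n: int) -> None:
        del self.private[n]  # after this, even the owner cannot re-derive key n


def run_session(messages: int = 3):
    """Return (per-message keys, public transcript, Alice's leaked exponent 0)."""
    alice, bob = Party(), Party()
    keys, transcript, leaked = [], [], None
    for n in range(messages):
        a_pub, b_pub = alice.new_public(n), bob.new_public(n)
        key = alice.message_key(n, b_pub)
        assert key == bob.message_key(n, a_pub)  # both sides agree
        if n == 0:
            leaked = alice.private[0]  # models "adversary broke DH for message 0"
        keys.append(key)
        transcript.append((a_pub, b_pub))  # all an eavesdropper sees
        alice.forget(n)
        bob.forget(n)
    return keys, transcript, leaked


def attacker_guesses(leaked: int, transcript):
    """Reuse the one recovered exponent against every message's public values."""
    return [kdf(pow(b_pub, leaked, P)) for _, b_pub in transcript]
```

The recovered exponent yields the key for message 0 only; the keys for later messages depend on exponents that no longer exist anywhere once `forget` has run.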