[Top] [All Lists]

Re: Forward Secrecy

2005-02-24 12:01:43

On Thu, 24 Feb 2005 08:16:03 -0800 Ben Laurie 

Forward Secrecy Extensions for OpenPGP

Comments, please!

the site lists the following statement:

"If expired keys are securely deleted, attackers will never be able 
to retrieve them to decrypt captured ciphertext. Therefore when a 
public encryption key expires, an OpenPGP client MUST securely wipe 
the corresponding private key"

it would also need the suggestion/requirement that the OpenPGP 
NOT be allowed to make a 'backup' of the private key,
something now routinely done by default

but even if it does so, and does not make any backups,
it is still not foolproof,
it just requires the adversary to do 'more work'

assuming the sender corresponds with 'n' different recipients,
and sends a new subkey packet to each of them for each encryption,

if the adversary can intercept each e-mail message, and stores 
then the adversary now needs the 'n' long-term private keys of the 
recipients, and can then recover the subkeys and the messages

so, the security still depends on the recipient's long term
private keys not being compromised, as it did without the use of 
the subkeys

but if the sender doesn't encrypt to self, and encrypts only to the 
how is the security improved by having different subkeys each time 
for that receiver?


Concerned about your privacy? Follow this link to get
secure FREE email:

Free, ultra-private instant messaging with Hush Messenger

Promote security and make money with the Hushmail Affiliate Program:

<Prev in Thread] Current Thread [Next in Thread>