[cryptography] Asynchronous forward secrecy encryption

Ben Laurie ben at links.org
Tue Sep 17 06:14:24 EDT 2013


On 16 September 2013 12:45, Marco Pozzato <mpodroid at gmail.com> wrote:

> Hi all,
>
> I'm looking for an asynchronous messaging protocol with support for
> forward secrecy: I found some ideas, some abstract paper but nothing ready
> to be used.
>

Long ago I did a thing called Apres, which was allegedly an anonymous
presence protocol, but includes async messaging with PFS.

http://www.apache-ssl.org/apres.pdf


>
> OTR seems the preeminent protocol, but does not have support for
> asynchronous communication.
> This post https://whispersystems.org/blog/asynchronous-security/describes an interesting variation on OTR: the basic idea is to
> precalculate 100 Diffie-Hellman and consume one at every new message.
>
> On the opposite side, for OpenPGP lovers, I found an old extension
> http://tools.ietf.org/html/draft-brown-pgp-pfs-01 which adopt the same
> approach, using many short-lived keys, which frequently expire (eg: every
> week) and are deleted.
>
> They are both clever ideas to provide PFS, but what does it mean to the
> average user? Let say that today I discover an attack run on 1st of August:
>
>    - OTR variation: I do not know which messages were wiretapped. 100
>    messages could spawn few hours or two months.
>    - OpenPGP: I know I lost messages sent in the first week of August.
>
>
> What do you think about it?
>
> Marco
>
>
>
> _______________________________________________
> cryptography mailing list
> cryptography at randombit.net
> http://lists.randombit.net/mailman/listinfo/cryptography
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20130917/5bd73c46/attachment-0001.html>


More information about the cryptography mailing list