[cryptography] Asynchronous forward secrecy encryption

Michael Rogers michael at briarproject.org
Wed Sep 18 13:22:50 EDT 2013


On 18/09/13 17:27, Trevor Perrin wrote:
> Hmm, I would've thought clocks are *less* reliable than storage on
> most devices.

That may be true, but this isn't a choice between relying on the clock
or relying on storage. It's a choice between relying on both, or
relying only on the clock.

> Certainly this has worse forward-secrecy than updating keys 
> per-message, as keys for old ciphertext are kept around for some 
> period.

Yes, updating keys per-message would be preferable if we could assume
an ongoing two-way exchange of messages. For OTR's instant messaging
use case that's a reasonable assumption. For Briar's use case it's not.

Cheers,
Michael


