[cryptography] Asynchronous forward secrecy encryption

Trevor Perrin trevp at trevp.net
Wed Sep 18 13:53:37 EDT 2013


On Wed, Sep 18, 2013 at 10:22 AM, Michael Rogers
<michael at briarproject.org> wrote:
> On 18/09/13 17:27, Trevor Perrin wrote:
>> Hmm, I would've thought clocks are *less* reliable than storage on
>> most devices.
>
> That may be true, but this isn't a choice between relying on the clock
> or relying on storage. It's a choice between relying on both, or
> relying only on the clock.

A quick glance at Briar makes it look like it already uses local storage:


>
>> Certainly this has worse forward-secrecy than updating keys
>> per-message, as keys for old ciphertext are kept around for some
>> period.
>
> Yes, updating keys per-message would be preferable if we could assume
> an ongoing two-way exchange of messages. For OTR's instant messaging
> use case that's a reasonable assumption. For Briar's use case it's not.
>
> Cheers,
> Michael

