1996-03-14 - Re: Remailer passphrases

Header Data

From: “Perry E. Metzger” <perry@piermont.com>
To: Bill Stewart <stewarts@ix.netcom.com>
Message Hash: 8b2af1ef3a040c59f3d7adce547cb96cd0e17d24a31833cac46c926c467fcd39
Message ID: <199603131656.LAA00295@jekyll.piermont.com>
Reply To: <199603130737.XAA22807@ix15.ix.netcom.com>
UTC Datetime: 1996-03-14 13:46:57 UTC
Raw Date: Thu, 14 Mar 1996 08:46:57 -0500

Raw message

From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 14 Mar 1996 08:46:57 -0500
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: Remailer passphrases
In-Reply-To: <199603130737.XAA22807@ix15.ix.netcom.com>
Message-ID: <199603131656.LAA00295@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Bill Stewart writes:
> perry@piermont.com replied
> >Signed Diffie-Hellman key exchanges have the property known as
> >"Perfect Forward Secrecy". Even if the opponent gets your public keys
> >it still will not decrypt any traffic for him at all -- it just lets
> >him pretend to be you. Thats one reason why protocols like Photuris
> >and Oakley use the technique.
> 
> DH key exchange is really only Exponentially Good Forward Secrecy,
> and in its primary use (exchanging keys for symmetric-key algorithms)
> the system is at best Good Enough Forward Secrecy.

No, signed D-H like STS is in fact perfect forward secrecy in the
sense that breaking the RSA keys gives you no information about the
session keys, and breaking one of the D-H exchanges does not (in
theory) give you any information about any of the others.

Perry





Thread