The Call of the Open Sidewalk

From a place slightly to the side of the more popular path


pgpfan:forward_secrecy

Differences

This shows you the differences between two versions of the page.

pgpfan:forward_secrecy [2022/01/06 21:04] – Another victim of the rewrite. b.walzer
pgpfan:forward_secrecy [2025/11/04 12:17] (current) – Entirely new argument. b.walzer
Line 4: Line 4:
  
   * Some adversary records your encrypted messages and creates an archive of then without your knowledge or consent.   * Some adversary records your encrypted messages and creates an archive of then without your knowledge or consent.
-  * After any attempts to break the encryption fail they then attempt to get access to the secret key information used to encrypt the messages in the first place+  * Optionally the adversary can attempt to break the encryption on your messages. If they are successful then forward secrecy provides no value
-  * They then attack the place this secret key information is stored (usually an end device) to get the information required to decrypt their surreptitious archive of your encrypted messages.+  * They then attack the place the secret key information is stored (usually an end device) to get the information required to decrypt their surreptitious archive of your encrypted messages.
  
 So starting out we are talking about a two phase attack that requires access to an end point and significant preplanning. So starting out we are talking about a two phase attack that requires access to an end point and significant preplanning.
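Review bot: In the rewritten second bullet the attempt to break the encryption is now optional, but the third bullet still opens with "They then attack", which in the old wording read as the fallback after a failed break and now has nothing to follow from. Suggest opening the third bullet with something like "Otherwise they attack the place the secret key information is stored" so the two-phase sequence stays explicit. The new second bullet also ends without a full stop, and the unchanged first bullet has "archive of then" where "archive of them" is meant.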
Line 16: Line 16:
  
 Reduced to the essence: forward secrecy is where you delete the encryption key protecting some encrypted data to prevent that key from falling into the possession of an attacker that already has that encrypted data. There is nothing preventing any system from doing that, even something based on the OpenPGP standard. For a practical demonstration see: [[pgpfan:gpgburn|A Demonstration of Message Burning Through Encryption using GnuPG]]. Reduced to the essence: forward secrecy is where you delete the encryption key protecting some encrypted data to prevent that key from falling into the possession of an attacker that already has that encrypted data. There is nothing preventing any system from doing that, even something based on the OpenPGP standard. For a practical demonstration see: [[pgpfan:gpgburn|A Demonstration of Message Burning Through Encryption using GnuPG]].
 +
 +Forward secrecy when applied to encrypted messaging often leads to less local security after the message is received. When a PGP message is received, it stays encrypted. It is only decrypted when the user wants to see it and the decrypted message is forgotten immediately after that. I have dubbed this feature: [[pgpfan:encryptonce|encrypt once]]. In a system using some forward secrecy scheme, once the message arrives the key will eventually be forgotten. So it must be decrypted at that point in time. In common practice that means that the message will //stay// decrypted and will be accessible to anyone with access to the device. Sometimes a system will have some kind of local password lock but that pretty much always ends up with an easy to crack password. With PGP your old messages are always protected with the full strength of the system used to transfer the message in the first place.
  
 Hardly anyone ever does forward secrecy with OpenPGP. Why not? It's easy to do in a technical sense and would not cause your correspondents to have to reverify your identity. Hardly anyone ever does forward secrecy with OpenPGP. Why not? It's easy to do in a technical sense and would not cause your correspondents to have to reverify your identity.
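Review bot: The added paragraph's closing claim, that with PGP old messages are "always protected with the full strength of the system", does not say what protects the PGP secret key, which the attack list earlier on this page places "usually" on an end device as well. The paragraph dismisses a local password lock as "pretty much always" easy to crack, so it should state why the secret key stored on the same device is not subject to the same weakness, or narrow the claim. "Pretty much always" is also an unqualified generalisation as written; consider qualifying it or pointing to a source.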
pgpfan/forward_secrecy.1641503057.txt.gz · Last modified: by b.walzer