Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revision | Next revisionBoth sides next revision |
pgpfan:forward_secrecy [2020/07/12 17:49] – slower transition b.walzer | pgpfan:forward_secrecy [2020/07/14 16:45] – [Forward Secrecy] Better organization b.walzer |
---|
The PGP protocol is sometimes criticized because it lacks a feature called [[wp>Forward_secrecy|forward secrecy]] which goes something like this: | The PGP protocol is sometimes criticized because it lacks a feature called [[wp>Forward_secrecy|forward secrecy]] which goes something like this: |
| |
Some process is used to come up with a temporary key known only to you and your correspondent (e.g. [[wp>Diffie–Hellman key exchange]]). That key is used to encrypt the message. After the message is transferred and decrypted that temporary key is destroyed. Since the key is gone the message is inaccessible unless someone breaks the encryption. It is intended to prevent the case where someone records your encrypted messages off the network and then later gets access to your private key somehow. | Some process is used to come up with a temporary key known only to you and your correspondent (e.g. [[wp>Diffie–Hellman key exchange]]). That key is used to encrypt the message. After the message is transferred and decrypted that temporary key is destroyed. Since the key is gone the message is inaccessible. The idea is to prevent access to your message after it has been transferred. |
| |
Forward secrecy requires an end to end, bidirectional communications channel to establish a temporary key. So it is normally not usable with offline messaging. Adding an offline messaging capability to a system supporting forward secrecy involves creating an extra subsystem (e.g. the Signal protocol prekey system). PGP is able to support both offline and online messaging in the same simple straightforward way. So the cost of forward secrecy is either significant extra complexity or the lack of support for an important messaging mode. The next three subsections break out the potential benefit of forward secrecy after some sort of loss of system secrecy. | The first important point is that forward secrecy depends on the integrity of the encryption. If someone manages to break the encryption on your old messages they will still get access to them. |
| |
| The second important point comes from the first. Since forward secrecy depends on the integrity of the encryption it will only be superior in the case where someone gets access to your private key information. For the end to end encryption case that will mean compromising an end device. The next three subsections break out the potential benefit of forward secrecy after an end device is compromised. |
| |
=====Message Archives===== | =====Message Archives===== |