[52028] in Cypherpunks
Re: Remailer passphrases
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Tue Mar 12 15:07:06 1996
To: frantz@netcom.com (Bill Frantz)
Cc: cypherpunks@toad.com
In-Reply-To: Your message of "Tue, 12 Mar 1996 10:55:39 PST."
<199603121853.KAA28808@netcom8.netcom.com>
Reply-To: perry@piermont.com
Date: Tue, 12 Mar 1996 14:51:47 -0500
From: "Perry E. Metzger" <perry@piermont.com>

Bill Frantz writes:
> One of the reasons classical (government) crypto users change keys
> frequently is to minimize the amount of data compromised by a broken key.
> We keep hearing about NSA decrypting 20 year old cyphertext and showing
> more of the workings of the atomic spy rings operating in the 40s and 50s.
> If an opponent can rubber hose the key, her job is easy. If she has to
> perform cryptoanalysis, it is much harder. Remailers should regularly
> change their keys to avoid compromising previously recorded traffic. (They
> can have a long lived key for signing their traffic keys.)

Signed Diffie-Hellman key exchanges have the property known as
"Perfect Forward Secrecy". Even if the opponent gets your public keys
it still will not decrypt any traffic for him at all -- it just lets
him pretend to be you. That's one reason why protocols like Photuris
and Oakley use the technique.

Perry
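
Added example, not part of the original post: a Python sketch contrasting a session secret derived from long-lived Diffie-Hellman keys with one derived from signed ephemeral exponents, then replaying a recording after the long-lived secret leaks. The Schnorr signature, the Oakley Group 1 parameters (RFC 2409), the toy XOR cipher and all function names are assumptions chosen for illustration.

```python
import hashlib, secrets

# Oakley Group 1 prime (RFC 2409, 768-bit MODP), generator 2. Chosen because
# the post names Oakley and the constant is short; too small for current use.
P = int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
        "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
        "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
        "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF", 16)
Q, G = (P - 1) // 2, 2             # 2 generates the subgroup of prime order Q

def H(*ints):                      # hash fixed-width integers to an integer
    data = b"".join(i.to_bytes(96, "big") for i in ints)
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def keygen():                      # returns (secret exponent, public value)
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def sign(x, m):                    # Schnorr signature on integer m (assumed scheme)
    k, r = keygen()                # fresh nonce k and commitment r = g^k
    e = H(r, m)
    return e, (k + e * x) % Q

def verify(y, m, sig):
    e, s = sig
    return e == H(pow(G, s, P) * pow(y, Q - e, P) % P, m)   # g^s * y^-e == g^k

def xor_encrypt(secret, text):     # toy cipher, text up to 32 bytes (illustration only)
    pad = hashlib.sha256(secret.to_bytes(96, "big")).digest()
    return bytes(c ^ p for c, p in zip(text, pad))

def signed_dh_session(alice, bob, text):
    """One signed ephemeral exchange; returns only what a wiretap records."""
    (xa, ya), (xb, yb) = alice, bob
    a, A = keygen()                # ephemeral exponents, discarded on return
    b, B = keygen()
    sig_a, sig_b = sign(xa, H(A, B)), sign(xb, H(B, A))
    if not (verify(ya, H(A, B), sig_a) and verify(yb, H(B, A), sig_b)):
        raise ValueError("bad signature on ephemeral value")
    assert pow(B, a, P) == pow(A, b, P)      # both ends hold the same secret
    return {"A": A, "B": B, "sig_a": sig_a, "ct": xor_encrypt(pow(B, a, P), text)}

def static_dh_session(alice, bob, text):
    """Contrast case: the secret comes from the long-lived keys themselves."""
    return {"ct": xor_encrypt(pow(bob[1], alice[0], P), text)}

def replay_with_leaked_key(xa, y_peer, record):
    """Apply Alice's leaked long-lived secret xa to a recorded ciphertext."""
    return xor_encrypt(pow(y_peer, xa, P), record["ct"])
```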