[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: comments on Photuris


>>   Suppose I add a rule to Photuris that says you should use an existing
>>   SAID whenever possible to encrypt the exchanges that create a new
>>   SAID. Would this give you some of the same sort of protection against
>>   partial compromises that you get with explicit key refreshment?

>If I understand correctly, what you mean is basically having two
>(simultaneous) ways to authenticate a key exchange. One is using

Actually, I wasn't thinking about authentication so much as I was
looking for a cheap way to harden the protocol against passive
eavesdropping. This is still by far the easiest attack to mount on a
large scale -- just ask NSA. Yes, an active attacker can still come
along and pretend to be a correspondent who has lost state, but this
is not only a lot harder to do, it greatly increases the chance of
being detected.