Re: Definition of PFS...
>>>>> "Andrew" == Andrew Krywaniuk <andrew.krywaniuk@alcatel.com> writes:
Andrew> I recently decided to do some research on something that has
Andrew> bugged me for quite awhile now: What is the point of doing PFS in
Andrew> phase 2?
Andrew> The reason I wonder about this is that presumably you will use
Andrew> the same group in phase 2 that you used in phase 1, so if an
Andrew> adversary can crack your phase 1 DH then he can presumably expend
Andrew> the 1 bit of additional effort required to crack the phase 2
Andrew> DH. It seems like you would be better off using a larger modulus
PFS does not just defend against being attacked.
It also defends against the situation where a third party compels one
party to provide some set of keys. PFS guarantees that a simple search warrant
only catches traffic *currently* in transit, not all previous and future
traffic.
:!mcr!: | Solidum Systems Corporation, http://www.solidum.com
Michael Richardson |For a better connected world,where data flows faster<tm>
Personal: http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/Bio.html
mailto:mcr@sandelman.ottawa.on.ca mailto:mcr@solidum.com