Forward Security Question

AARG!Anonymous remailer at aarg.net
Sun Nov 18 15:30:05 EST 2001


Hi All,

I have recently been reading about password-based authentication schemes, 
especially EKE and its variants.  The papers I've read on EKE, DH-EKE, and 
SPEKE all refer to their "perfect forward security," though I have been 
unable to find a formal definition of this property, or any detailed 
explanation of what this really means.  Does the "forward security" refer 
to the fact that if Eve knows a "K" Alice and Bob used two weeks ago, she 
cannot assume either of their identities for a current transaction?  Or 
does it mean that even if Eve knows the current "K" in use by Alice and 
Bob's session, she cannot impersonate either of them?  Or does it mean 
something else?

Can someone better explain how the "forward security" found in 
EKE/DH-EKE/SPEKE works?  Is it the same for each EKE variant, or does it 
work differently for each?

Ashamedly Confused,

- Anonymous.



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com




More information about the cryptography mailing list