Forward Security Question
AARG!Anonymous
remailer at aarg.net
Sun Nov 18 15:30:05 EST 2001
Hi All,
I have recently been reading about password-based authentication schemes,
especially EKE and its variants. The papers I've read on EKE, DH-EKE, and
SPEKE all refer to their "perfect forward security," though I have been
unable to find a formal definition of this property, or any detailed
explanation of what this really means. Does the "forward security" refer
to the fact that if Eve knows a "K" Alice and Bob used two weeks ago, she
cannot assume either of their identities for a current transaction? Or
does it mean that even if Eve knows the current "K" in use by Alice and
Bob's session, she cannot impersonate either of them? Or does it mean
something else?
Can someone better explain how the "forward security" found in
EKE/DH-EKE/SPEKE works? Is it the same for each EKE variant, or does it
work differently for each?
Ashamedly Confused,
- Anonymous.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list