[Cryptography] In the face of "cooperative" end-points, PFS doesn't help
Tony Arcieri
bascule at gmail.com
Sat Sep 7 16:27:00 EDT 2013
On Fri, Sep 6, 2013 at 6:49 PM, Marcus D. Leech <mleech at ripnet.com> wrote:
> It seems to me that while PFS is an excellent back-stop against NSA
> having/deriving a website RSA key
Well, it helps against passive eavesdropping. However, if the NSA has a web
site's private TLS key, they can still MitM the traffic, even with PFS.
Likewise with "perfect" forward secrecy, they can collect and store all
your traffic for the next 10-20 years when they get a large quantum
computer, and decrypt your traffic then.
PFS is far from "perfect".
--
Tony Arcieri
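
The distinction drawn in the message above, as an added example that is not part of the original post: a toy model of what a leaked long-term key exposes in a recorded session versus a live one. All parameters, function names and the textbook-RSA signature are assumptions constructed for illustration and are far too small for real use; the quantum-computer point is not modelled.

```python
import hashlib, secrets

# Toy parameters constructed for this example; far too small for real use.
P, G = 2**127 - 1, 3                         # ephemeral DH group
RP, RQ, E = 2**61 - 1, 2**31 - 1, 65537      # textbook RSA primes and exponent
N = RP * RQ
D = pow(E, -1, (RP - 1) * (RQ - 1))          # site's long-term private key

def kdf(secret: int) -> bytes:
    return hashlib.sha256(str(secret).encode()).digest()

def digest(share: int) -> int:
    return int.from_bytes(kdf(share), "big") % N

def sign(share: int) -> int:                 # requires the long-term key D
    return pow(digest(share), D, N)

def verify(share: int, sig: int) -> bool:    # what the client checks
    return pow(sig, E, N) == digest(share)

def ephemeral():
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)

def recorded_rsa_transport_opens_with_leaked_key() -> bool:
    # Non-PFS key transport: the premaster secret travels encrypted under N.
    premaster = secrets.randbelow(N - 2) + 2
    wire = pow(premaster, E, N)              # recorded today
    return kdf(pow(wire, D, N)) == kdf(premaster)   # D leaks years later

def recorded_dhe_opens_with_leaked_key() -> bool:
    # PFS: D only signs the server's share; the key comes from ephemeral secrets.
    c_sec, c_pub = ephemeral()
    s_sec, s_pub = ephemeral()
    wire = [c_pub, s_pub, sign(s_pub)]       # recorded today
    key = kdf(pow(s_pub, c_sec, P))          # ephemeral secrets are then discarded
    # Sanity check, not a proof: applying D to recorded values yields no key.
    tries = wire + [pow(v % N, D, N) for v in wire]
    return any(kdf(t) == key for t in tries)

def live_key_holder_in_the_middle_is_accepted() -> bool:
    # Active case: whoever holds D can sign a substituted ephemeral share.
    c_sec, c_pub = ephemeral()
    m_sec, m_pub = ephemeral()               # substituted share, not the server's
    accepted = verify(m_pub, sign(m_pub))    # signature is valid because D is held
    return accepted and pow(m_pub, c_sec, P) == pow(c_pub, m_sec, P)
```

The client's signature check is the only thing binding the ephemeral share to the site, so forward secrecy protects past recordings but says nothing about sessions negotiated after the long-term key is compromised.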