[Cryptography] Perfection versus Forward Secrecy

Tony Arcieri bascule at gmail.com
Thu Sep 12 12:33:34 EDT 2013

On Wed, Sep 11, 2013 at 8:00 PM, John Gilmore <gnu at toad.com> wrote:

> There doesn't seem to be much downside to just calling it "Forward
> Secrecy" rather than "Perfect Forward Secrecy".  We all seem to agree
> that it isn't perfect, and that it is a step forward in security, at a
> moderate cost in latency and performance.

What's really bothered me about the phrase "perfect forward secrecy" is
it's being applied to public key algorithms we know will be broken as soon
as a large quantum computer has been built (in e.g. a decade or two).
Meanwhile people seem to think that it's some sort of technique that will
render messages unbreakable forever.

Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20130912/cd52482a/attachment.html>

More information about the cryptography mailing list