[Cryptography] FFS

Peter Fairbrother zenadsl6186 at zen.co.uk
Fri Mar 20 09:11:21 EDT 2015

I abhor the term "perfect forward secrecy", as being inaccurate unless 
an OTP is used for perfection -

- and unless then, remembering that for forward secrecy you have to 
delete any working materials which have come into contact with plaintext 
or key, you then kill the recipient ("I'd tell you but then I'd have to 
kill you") -

- and unless, as you yourself know the contents of the message, so you 
then kill yourself.

This is of course ridiculous, or at best over-enthusiastic.

I propose instead the term Full Forward Secrecy, and the corresponding 
acronym FFS, to describe a system where an OTP is not used, and the 
secrecy is based on some sort of computational complexity, whether real 
or imagined, instead.

This arose in the context of the question "if you have good encryption 
which is otherwise computationally forward-secret, is it still 
forward-secret if the recipient keeps a copy of the message after 
reception and initial reading?".

Of course, if the sender keeps a copy, the question is similar.

So, I propose the term - but I don't know quite what it should mean.


--Peter Fairbrother

Today I saw a solar eclipse!!


Spring is sprung
The grass is riz
I wonder where
The birdies is?

"The bird is on the wing",
I heard - but
That's absurd
The wing is on the bird.

More information about the cryptography mailing list