[Cryptography] Is "perfect forward secrecy" the biggest fraud of last decade?

Ismail Kizir ikizir at gmail.com
Thu Aug 30 14:57:17 EDT 2018


On Thu, Aug 30, 2018 at 4:49 PM William Allen Simpson
<william.allen.simpson at gmail.com> wrote:

> I'm not sure whether you are using the term "perfect" forward secrecy
> correctly.  Perhaps the definitions have changed over time?

I am not targeting here the real technical meaning of forward secrecy
nor perfect forward secrecy.
Rather, I am offending them as "marketing slogans".
The masses don't understand the real meaning of forward secrecy or
perfect forward secrecy.
They rather think:
"OK! They use ephemeral keys. And ephemeral keys are deleted just
after negotiation and I am safe".
Or even worse: an ordinary computer user just thinks: "OK. I've read
on the techno-page of my newspaper (which is expecting big ad revenue
from Facebook, of course) that WhatsApp uses Signal, which is
considered secure by professionals. My messages are encrypted and I am
safe".
I am nearly sure that more than 99% of WhatsApp or Signal users don't
know that all their conversations may (will) be decrypted in the next
5-10 years, despite the fact that all security professionals are aware
of this fact.
Nobody told them this truth. But all the media made publicity of
"end-to-end encryption" with a lot of technical terms the masses don't
understand.

A false feeling of security is much more dangerous than lack of security.
If people are aware of the fact that all their
WhatsApp/Signal/Telegram/FB, whatever... messages will be decrypted in
the very near future, I believe they would prefer to be much more prudent!

> I've taken a quick look at the article, and it only mentions factoring
> large numbers.  That's applicable to public/private key pairs.  But
> doesn't seem to be applicable to symmetric keys.
>
> Does Signal really only use asymmetric algorithms?

No.
They don't!
But the Signal Protocol has no pre-shared symmetric key support either.
As I already wrote several times here: PSK is the preferred method of
armies. And they are the creators of encryption.
About half of my chat contacts are my real-life friends, and I have the
possibility to see them physically in real life.
A simple face-to-face symmetric key exchange (by optical means, via a
QR code, barcode, etc.) would be enough in applications, if it was
defined in the protocol!
Consequently, Signal forces everybody to use weaker (asymmetric)
encryption where stronger (symmetric) encryption could be used!
And everybody knows that asymmetric encryption will surely be broken!
And it has become so popular that nearly every instant messenger
application just adopts it.
This is horrible: this is long-term blackmail/profiling data in the
mid-term! All our children are using messaging applications. And when
they will be in political/administrative positions in any country
... I am sure you can imagine the possibilities.

There are more things I can write about Signal protocol and messaging
applications.
But I just wanted to answer your questions in order to clarify why I
targeted forward secrecy.

Regards
Ismail Kizir
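The post above contrasts ephemeral (asymmetric) key agreement with a pre-shared symmetric key. The two are not mutually exclusive: a protocol can mix a face-to-face-exchanged PSK into the key derivation alongside the ephemeral Diffie-Hellman output, which is what TLS 1.3 does in its PSK + (EC)DHE mode. The Python below is an added illustration written for this thread, not code from the Signal project or from the poster; it uses a toy finite-field group (constructed for the demo, not a secure parameter set) as a stand-in for the asymmetric part, and an HKDF written from hmac/hashlib. The point it demonstrates: an adversary who later recovers the DH shared secret but never had the PSK cannot compute the session key, and two peers with mismatched PSKs do not agree on a key.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group (constructed for the demo, NOT a secure parameter set):
# the Mersenne prime 2^127 - 1 with a fixed generator. Real protocols use X25519
# or an RFC 7919 group; here the group only stands in for "the asymmetric part".
TOY_P = (1 << 127) - 1
TOY_G = 5


def dh_keypair():
    """Ephemeral DH key pair: random private exponent x and public value g^x mod p."""
    x = secrets.randbelow(TOY_P - 2) + 1
    return x, pow(TOY_G, x, TOY_P)


def dh_shared(private, peer_public):
    """Shared secret (peer_public)^private mod p, fixed-width encoded (p < 2^128)."""
    return pow(peer_public, private, TOY_P).to_bytes(16, "big")


def hkdf_extract(salt, ikm):
    """HKDF-Extract (RFC 5869): PRK = HMAC-SHA256(salt, IKM)."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk, info, length=32):
    """HKDF-Expand (RFC 5869): T(i) = HMAC(PRK, T(i-1) || info || i)."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def session_key(psk, dh_secret):
    """Mix a pre-shared symmetric key into the ephemeral DH output.

    The PSK is the HKDF salt and the DH secret is the input keying material,
    so the session key depends on both. Someone holding only dh_secret
    (say, after a future break of the asymmetric part) still lacks the PSK.
    """
    prk = hkdf_extract(psk, dh_secret)
    return hkdf_expand(prk, b"demo psk+dhe session key")


def run_handshake(psk_alice, psk_bob):
    """Both peers run ephemeral DH, then derive the key with their own PSK copy.

    Returns (alice_key, bob_key, dh_secret); dh_secret is returned only so a
    caller can simulate what an adversary who later breaks the DH would learn.
    """
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    shared_a = dh_shared(a_priv, b_pub)
    shared_b = dh_shared(b_priv, a_pub)
    assert shared_a == shared_b  # plain DH: both sides agree on g^(ab)
    return session_key(psk_alice, shared_a), session_key(psk_bob, shared_b), shared_a


def attacker_without_psk(dh_secret):
    """Adversary who recovered the DH secret but never had the PSK.

    The best they can do is derive with an empty (unknown) PSK, which does
    not match the peers' key; the PSK must be brute-forced or stolen instead.
    """
    return session_key(b"", dh_secret)


if __name__ == "__main__":
    psk = secrets.token_bytes(32)  # constructed: stands in for a key exchanged via QR code
    k_alice, k_bob, dh_secret = run_handshake(psk, psk)
    print("peers agree:", k_alice == k_bob)
    print("DH-breaking adversary without PSK gets the key:",
          attacker_without_psk(dh_secret) == k_alice)
```

The derivation order (PSK as salt, DH output as keying material) is a design choice of this demo; what matters is that both secrets enter the KDF, so compromise of either one alone does not reveal the session key, and the ephemeral DH still provides forward secrecy if the PSK is later exposed.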

