[Cryptography] Is "perfect forward secrecy" the biggest fraud of last decade?
Christian Huitema
huitema at huitema.net
Sat Sep 1 18:38:14 EDT 2018
On 9/1/2018 7:05 AM, Sandy Harris wrote:
> On the other hand if quantum computers can solve the
> discrete log problem efficiently, then DH goes belly up.
> That would let them break the protocol completely,
> reading new messages without MITM and reading old
> ones despite forward secrecy, provided they had also
> archived the DH exchanges.
Straight DH could indeed be broken by quantum computers. What about DH
combined with a shared secret, as in, for example, the PSK + (EC)DH modes of
TLS 1.3? Are those broken too?
-- Christian Huitema