I've been using the following (based on references dating back to
Diffie in '90):

Forward Secrecy:
Session-key generation values should not be directly derived from the
values of any previous session-keys. Knowledge of a previous session
key will not permit derivation of any later key. The generation
pseudo-random function data values are carefully arranged to avoid
related key analysis.

Perfect Forward Secrecy:
When initializing pseudo-random function data values are periodically
destroyed, and this destruction is sooner than the feasible recovery
of the key (computationally) from the publicly exchanged values,
or recovery (by theft or coercion) from the parties, the derived
session-keys are never recoverable.

[I'm not sure I like this definition, Bill. It would make exchange of
random session keys by RSA a form of PFS, which it most certainly
isn't. The definition from Diffie et al given in another message
really conveys the flavor properly. --Perry]

"Arnold G. Reinhold" wrote:
>
> Can anyone point me to a good definition of "Perfect Forward Security"?
[EMAIL PROTECTED]
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
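
The distinction raised in the moderator's note above, as an added example that is not part of the original thread: a random session key sent under a long-term RSA key is recoverable from a recorded transcript once that RSA key leaks, while a session key derived from destroyed ephemeral Diffie-Hellman exponents is not. All parameters and function names are constructed for illustration, and the toy sizes are assumptions chosen so the code runs instantly.

```python
import hashlib
import secrets

# Constructed toy parameters (Mersenne primes); far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # server's long-term RSA private exponent
DH_P, DH_G = 2**127 - 1, 3          # toy Diffie-Hellman group


def rsa_transport_session():
    """Client picks a random session key and sends it under the server's RSA key."""
    session_key = secrets.randbits(128)
    # The ciphertext is everything a passive eavesdropper can record.
    transcript = {"ciphertext": pow(session_key, E, N)}
    return session_key, transcript


def ephemeral_dh_session():
    """Both sides use one-time exponents that are discarded after key derivation."""
    a = secrets.randbelow(DH_P - 3) + 2
    b = secrets.randbelow(DH_P - 3) + 2
    transcript = {"A": pow(DH_G, a, DH_P), "B": pow(DH_G, b, DH_P)}
    shared = pow(transcript["B"], a, DH_P)
    session_key = hashlib.sha256(shared.to_bytes(16, "big")).digest()
    del a, b  # models destroying the ephemeral exponents
    return session_key, transcript


def recover_with_long_term_key(transcript, d=D):
    """What a later leak of the long-term RSA key yields from a recorded transcript."""
    if "ciphertext" in transcript:
        # RSA key transport: the old session key falls out directly.
        return pow(transcript["ciphertext"], d, N)
    # Ephemeral DH: in a real protocol the long-term key would only sign A and B
    # for authentication, so it is not an input to the session key at all.
    return None


if __name__ == "__main__":
    key, seen = rsa_transport_session()
    print("RSA transport recovered:", recover_with_long_term_key(seen) == key)
    key, seen = ephemeral_dh_session()
    print("Ephemeral DH recovered: ", recover_with_long_term_key(seen) is not None)
```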