Thanks Natanael! What I'm gathering from here and [messaging] is that yes, OTR doesn't seem to be future-secure, and PFS isn't perfect (with the way it's usually implemented today), *but* there do seem to be possible solutions to this problem, if we can trust what the math/physics folks are saying.
-g

--
Please do not email me anything that you are not comfortable also sharing with the NSA.

On Jan 24, 2015, at 1:13 PM, Natanael <natanae...@gmail.com> wrote:

> On 24 Jan 2015 22:06, "Greg" <g...@kinostudios.com> wrote:
> >
> > So, I understand that QM algos can pretty much dismantle all popular
> > asymmetric encryption algos with enough q-bits, but I haven't thought hard
> > enough to see if they also can be used to compromise communications that
> > used DH to do PFS underneath the initial handshake.
> >
> > Side question: is this the right list to ask this on, or are there other
> > ones I should try? (Is CFRG appropriate? Metzdowd is annoying with its long
> > moderation times...)
>
> Key exchange like DH simplifies PFS but isn't strictly necessary. A mechanism
> with temporary public keys where your main keys only sign the temporary keys,
> and the temporary keys are used for exchange of nonces to generate session
> keys (there are presumed quantum secure public key algorithms!), would be
> sufficient as well if you delete the temporary public keys the way DH secrets
> in regular PFS key exchanges are deleted afterwards.
>
> There are many hash based signature algorithms, and other types of public key
> algorithms like lattice based and many others.
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
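The mechanism Natanael sketches in the quoted reply (long-term keys sign only temporary public keys; the temporary keys carry nonces that are hashed into a session key; the temporary secrets are deleted once the session key exists) written out as an added example. This is not code from the thread or from any of its participants. It assumes Lamport one-time signatures as the hash-based signature scheme (Natanael names none), and it uses RSA-KEM with toy 256-bit primes as a stand-in for the presumed quantum-secure public-key algorithm, purely because the standard library has no lattice KEM; the `Party` class, `run_handshake` and the message layout are my own construction.

```python
import hashlib
import math
import random
import secrets

def H(*parts):
    """SHA-256 over the concatenation of the given byte strings."""
    return hashlib.sha256(b"".join(parts)).digest()

# ---- Long-term keys: Lamport one-time hash-based signatures ----------------
# A Lamport key signs exactly one message; stateful (XMSS) or stateless
# (SPHINCS+) schemes extend this to many messages. One signature per party is
# all this demo needs. Only the temporary public key is ever signed.
def lamport_keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(s0), H(s1)) for s0, s1 in sk]
    return sk, pk

def _bit(digest, i):
    return (digest[i // 8] >> (7 - i % 8)) & 1

def lamport_sign(sk, msg):
    d = H(msg)
    return [sk[i][_bit(d, i)] for i in range(256)]

def lamport_verify(pk, msg, sig):
    d = H(msg)
    return len(sig) == 256 and all(H(sig[i]) == pk[i][_bit(d, i)] for i in range(256))

# ---- Temporary keys: a KEM (stand-in: RSA-KEM, toy 256-bit primes) ---------
# Assumption: a deployment would plug in a presumed quantum-secure KEM here.
def _is_probable_prime(n, rounds=24):
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):                      # Miller-Rabin
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _gen_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand

def kem_keygen(bits=256):
    while True:
        p, q = _gen_prime(bits), _gen_prime(bits)
        phi, e = (p - 1) * (q - 1), 65537
        if p != q and math.gcd(e, phi) == 1:
            return {"n": p * q, "d": pow(e, -1, phi)}, {"n": p * q, "e": e}

def kem_encap(pk):
    """Random r; ciphertext r^e mod n; the shared nonce is H(r)."""
    r = secrets.randbelow(pk["n"] - 2) + 2
    return pow(r, pk["e"], pk["n"]), H(r.to_bytes(64, "big"))

def kem_decap(sk, ct):
    return H(pow(ct, sk["d"], sk["n"]).to_bytes(64, "big"))

def _encode(pk):
    return pk["n"].to_bytes(64, "big") + pk["e"].to_bytes(4, "big")

# ---- The handshake ---------------------------------------------------------
class Party:
    def __init__(self, name):
        self.name = name
        self.lt_sk, self.lt_pk = lamport_keygen()   # long-term key: signs only
        self.eph_sk = None                           # temporary KEM secret

    def hello(self):
        """Make a temporary key pair and sign its public half with the long-term key."""
        self.eph_sk, eph_pk = kem_keygen()
        return {"eph_pk": eph_pk, "sig": lamport_sign(self.lt_sk, _encode(eph_pk))}

    def reply(self, peer_hello, peer_lt_pk):
        """Verify the peer's temporary key, then encapsulate a nonce to it."""
        if not lamport_verify(peer_lt_pk, _encode(peer_hello["eph_pk"]), peer_hello["sig"]):
            raise ValueError("temporary key not signed by the peer's long-term key")
        ct, self.sent_nonce = kem_encap(peer_hello["eph_pk"])
        return ct

    def finish(self, peer_ct, initiator):
        """Recover the peer's nonce, derive the session key, delete the temporary secret."""
        got = kem_decap(self.eph_sk, peer_ct)
        self.eph_sk = None   # forward secrecy: nothing remains that can decapsulate
        a, b = (self.sent_nonce, got) if initiator else (got, self.sent_nonce)
        return H(b"session", a, b)

def run_handshake(alice, bob):
    """Both sides exchange signed temporary keys and nonces; returns both session keys."""
    ha, hb = alice.hello(), bob.hello()
    ct_to_bob, ct_to_alice = alice.reply(hb, bob.lt_pk), bob.reply(ha, alice.lt_pk)
    return alice.finish(ct_to_alice, True), bob.finish(ct_to_bob, False)

if __name__ == "__main__":
    ka, kb = run_handshake(Party("alice"), Party("bob"))
    print("session keys match:", ka == kb)
```

What a captured transcript holds afterwards is two signed temporary public keys and two KEM ciphertexts. A later compromise of either long-term key yields only signing material, and the temporary decapsulation keys are gone, which is the property the thread is asking about; with a quantum-secure KEM and a hash-based signature in place of the stand-ins, the structure is unchanged.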