On Tue, 26 Feb 2013, Sergio Lerner wrote:
>> If you can't keep a session key secret for the duration of the transfer,
>> you are toast. Cycling an AES key because you don't trust it for more
>> than 5 minutes instead of one hour buys you a factor 12, which is
>> basically nothing in the orders of magnitude crypto normally works at.
> Perhaps it doesn't make sense in OTR for messages.
> But if you're streaming audio with ZRTP
> (http://zfone.com/docs/ietf/rfc6189bis.html), then the mode makes
> perfect sense.

No. If they can brute force your first ZRTP packet, then they can also
brute force the next 10000 packets. Rotating keys that fast isn't
buying you anything. Don't start out with such weak keys.

> ALSO, the attacker can try to break into your computer BECAUSE you've just
> made a call to someone that is under surveillance, so you should be
> prepared to be hacked just after you send your first message (and not
> before).

If they break into your computer you're lost from now until you find out,
so that's the reverse of perfect forward secrecy. At that point your
key generation can be as secure as we can make it, yet they will just
get a copy of any key, no matter how fast or slow you rotate them over.

Paul