Sunday, 17 March 2013

#FLOSS Perfect forward secrecy #CRYPTO #VOIP

NEW! Secure Encrypted Authenticated and Anonymous Email Implemented NOW AVAILABLE!

 Become Human!

Help us Human!  Tweet the PAGE!  Don't be a DUMBO! :@) DO IT **NOW**

Perfect forward secrecy

From Wikipedia, the free encyclopedia
In an authenticated key-agreement protocol that uses public key cryptographyperfect forward secrecy (or PFS) is the property that ensures that a session key derived from a set of long-term public and private keys will not be compromised if one of the (long-term) private keys is compromised in the future.
Forward secrecy has been used as a synonym for perfect forward secrecy,[1] since the termperfect has been controversial in this context. However, at least one reference [2] distinguishesperfect forward secrecy from forward secrecy with the additional property that an agreed key will not be compromised even if agreed keys derived from the same long-term keying material in a subsequent run are compromised.
Perfect forward secrecy (PFS) refers to the notion that compromise of a single key will permit access to only data protected by a single key. For PFS to exist, the key used to protect transmission of data must not be used to derive any additional keys, and if the key used to protect transmission of data was derived from some other keying material, that material must not be used to derive any more keys.




PFS was originally introduced [3] by Diffievan Oorschot, and Wiener and used to describe a property of the Station-to-Station protocol (STS), where the long-term secrets are private keys.
PFS has also been used [4] to describe the analogous property of password-authenticated key agreement protocols where the long-term secret is a (shared) password.
Annex D.5.1 of IEEE 1363-2000 discusses the related one-party and two-party forward secrecy properties of various standard key agreement schemes.


  • PFS is an optional feature in IPsec (RFC 2412).
  • SSH
  • Off-the-Record Messaging, a cryptography protocol and library for many instant messaging clients, provides perfect forward secrecy as well as deniable encryption.
  • In theory, Transport Layer Security can choose appropriate ciphers since SSLv3, but in everyday practice many implementations have refused to offer PFS or only provide it with very low encryption grade.[5] OpenSSL supports perfect forward secrecy using elliptic curve Diffie-Hellman since version 1.0,[6] with a computational overhead of approximately 15%.[7]

[edit]See also


  1. ^ IEEE 1363-2000: IEEE Standard Specifications For Public Key Cryptography. Institute of Electrical and Electronics Engineers, 2000.
  2. ^ Telecom Glossary 2000, T1 523-2001, Alliance for Telecommunications Industry Solutions (ATIS) Committee T1A1.
  3. ^ Diffie, Whitfield; van Oorschot, Paul C.; Wiener, Michael J. (June 1992). "Authentication and Authenticated Key Exchanges"Designs, Codes and Cryptography 2 (2): 107.doi:10.1007/BF00124891. Retrieved 2008-02-11.
  4. ^ Jablon, David P. (October 1996). "Strong Password-Only Authenticated Key Exchange".ACM Computer Communication Review 26 (5): 5–26. doi:10.1145/242896.242897. Retrieved 2008-02-11.
  5. ^ Discussion on the TLS mailing list in October 2007
  6. ^ "Protecting data for the long term with forward secrecy". Retrieved 2012-11-05.
  7. ^ Vincent Bernat. "SSL/TLS & Perfect Forward Secrecy". Retrieved 2012-11-05.

[edit]External links

The White Rabbit!
If you Tweet Rabbit Regularly The White Rabbit!  ROARS
Humanity Arising #Ascension2013 #TRUTH
No Banksters  were harmed in the production of this blog.  .... Worse, not were yet JAILED! .  ACTIVISTSGLOBAL BRIEFING BILDERBERG Prosecutions!  911 War Criminal HUNT!  POLISH Ex-Intel Head Charged!  ITALIAN Ex-Intel Head *JAILED*!  BELGIAN 911 Truth!!

No comments :

Post a comment

Only members (obviously) can comment; no moderation; direct to page.

Note: only a member of this blog may post a comment.