On Thu, Sep 12, 2013 at 09:33:34AM -0700, Tony Arcieri wrote: > What's really bothered me about the phrase "perfect forward secrecy" is > it's being applied to public key algorithms we know will be broken as soon > as a large quantum computer has been built (in e.g. a decade or two).
I do not think that the spooks are too far away from open research in QC hardware. It does not seem likely that we'll be getting real QC any time soon, if ever. The paranoid nuclear option remains: one time pads. There is obviously a continuum for XORing with output very large state PRNGs and XORing with one time pads. It should be possible to build families of such which resist reverse-engineering the state. While juggling around several MByte or GByte "keys" is inconvenient, some applications are well worth it. Why e.g. SWIFT is not running on one time pads is beyond me. > Meanwhile people seem to think that it's some sort of technique that will > render messages unbreakable forever.
signature.asc
Description: Digital signature
_______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography