On Thu, Sep 12, 2013 at 09:33:34AM -0700, Tony Arcieri wrote:

> What's really bothered me about the phrase "perfect forward secrecy" is
> it's being applied to public key algorithms we know will be broken as soon
> as a large quantum computer has been built (in e.g. a decade or two).

I do not think that the spooks are too far away from open research in
QC hardware. It does not seem likely that we'll be getting real QC
any time soon, if ever.

The paranoid nuclear option remains: one time pads. There is obviously
a continuum for XORing with output very large state PRNGs and
XORing with one time pads. It should be possible to build families
of such which resist reverse-engineering the state. While
juggling around several MByte or GByte "keys" is inconvenient, some
applications are well worth it.

Why e.g. SWIFT is not running on one time pads is beyond me.

> Meanwhile people seem to think that it's some sort of technique that will
> render messages unbreakable forever.

Attachment: signature.asc
Description: Digital signature

The cryptography mailing list

Reply via email to