Thijs Alkemade <m...@thijsalkema.de> writes:
> Suppose Bob's ephemeral keys are compromised by an attacker at a specific
> time, then the attacker can decrypt all messages from Alice since the last
> time Bob sent Alice a message before the compromise, up to (and including? I'm
> not clear on that) the first time Bob sent a message after the compromise.
> Once Bob sends a new message, the key material changes and the ephemeral key
> becomes useless.

Thanks. That makes perfect sense. So you have PFS that has issues in time, but reset once you ratchet forward -- and actually erase the previous cases from all places in which they were persisted.
_______________________________________________
OTR-dev mailing list
OTR-dev@lists.cypherpunks.ca
http://lists.cypherpunks.ca/mailman/listinfo/otr-dev