Seems that RFC 2828 only clarifies that not all people agree on a
definition. Let me try to clarify, and since I'm just about to complete
the lecture and chapter covering this area in my `secure communication
and commerce` course (and book), I'll really appreciate
comments/corrections. In
[Std1363] defines forward secrecy as the property that:
... prevents a passive opponent who merely recorded past communications
encrypted with the shared secret keys from decrypting them some time in the
future by compromising the partiesÂ’ cryptographic state.
To
As further precedent, [JV96] provides a definition and rationale for FS in
preference to PFS:
A key agreement protocol provides *forward secrecy* (perfect forward secrecy
in [7] and [9]) if the loss of any long-term secret keying material does not allow
the compromise of keys from previously
Anonymous asks:
I have recently been reading about password-based authentication schemes,
especially EKE and its variants. The papers I've read on EKE, DH-EKE, and
SPEKE all refer to their perfect forward security, though I have been
unable to find a formal definition of this property,
--On Sunday, 18 November, 2001 12:30 -0800 AARG!Anonymous
[EMAIL PROTECTED] wrote:
Hi All,
I have recently been reading about password-based authentication schemes,
especially EKE and its variants. The papers I've read on EKE, DH-EKE,
and SPEKE all refer to their perfect forward