As further precedent, [JV96] provides a definition and rationale for FS in
preference to PFS:
"A key agreement protocol provides *forward secrecy* (perfect forward secrecy
in [7] and [9]) if the loss of any long-term secret keying material does not allow
the compromise of keys from previously wir
[Std1363] defines "forward secrecy" as the property that:
"... prevents a passive opponent who merely recorded past communications
encrypted with the shared secret keys from decrypting them some time in the
future by compromising the partiesÂ’ cryptographic state."
To sup
Seems that RFC 2828 only clarifies that not all people agree on a
definition. Let me try to clarify, and since I'm just about to complete
the lecture and chapter covering this area in my `secure communication
and commerce` course (and book), I'll really appreciate
comments/corrections. In particul
--On Sunday, 18 November, 2001 12:30 -0800 AARG!Anonymous
<[EMAIL PROTECTED]> wrote:
> Hi All,
>
> I have recently been reading about password-based authentication schemes,
> especially EKE and its variants. The papers I've read on EKE, DH-EKE,
> and SPEKE all refer to their "perfect forward s
Anonymous asks:
> I have recently been reading about password-based authentication schemes,
> especially EKE and its variants. The papers I've read on EKE, DH-EKE, and
> SPEKE all refer to their "perfect forward security," though I have been
> unable to find a formal definition of this prope
