Re: Ephemeral key lifetime & system sleep

2016-12-07 Thread Kalin KOZHUHAROV
On Thu, Dec 8, 2016 at 7:04 AM, Daniel Kahn Gillmor wrote:
> I think scrubbing the ephemeral keys prior to suspend is the right thing
> to do. It's simpler to reason about, sounds straightforward to
> implement, the usability cost isn't that great, and it's likely to be
>

Re: Ephemeral key lifetime & system sleep

2016-12-07 Thread Daniel Kahn Gillmor
On Wed 2016-12-07 16:20:43 -0500, Jason A. Donenfeld wrote:
> But I was thinking that instead of this, maybe it'd be simpler and
> even more desirable to simply *always wipe all keys immediately
> /before/ system suspend*. This would have the desirable property of
> preventing ephemeral key

Ephemeral key lifetime & system sleep

2016-12-07 Thread Jason A. Donenfeld
Hey guys,

As you know, WireGuard provides perfect forward secrecy, otherwise known as key erasure, by zeroing out old keys in RAM, and constantly rotating in new keys. It keeps, at most, the current, the previous, and the next key in RAM, and for no more than a handful of minutes for the oldest