Collaborate Disseminate
Why do we still use RSA 2048 when we know that quantum computers can crack RSA as fast as classical computers can create the key?
Providers, governments, APTs, etc. can sniff all the traffic and as soon as the day comes when quantum comput… Continue reading Why are we using RSA although it will be cracked by quantum computers?
As we know, NIST PQC project is at its 3rd round, with draft standard expected to arrive in the next (few) year(s).
An unfortunate fact is that, we’re not seeing many signature schemes general-purpose enough (in the sense that, the size of… Continue reading SSL/TLS Forward secrecy with 2 KEM public keys
If TLS communication uses ciphers that does not support forward secrecy[FS] (like RSA key exchange ciphers), confidentiality of the past communication is compromised if the private key is compromised. But will the integrity also gets compr… Continue reading How integrity is compromised if forward secrecy is not enabled in TLS communication?
Take for example – AWS STS token or JWT tokens.
Let’s say node A got a token for accessing a resource of account X on behalf of account X. Access includes read/write privileges.
Let’s say few minutes later the node A got compromised.
Nothi… Continue reading What happens if a secure token is provided to a trusted party that gets compromised
Take for example – AWS STS token or JWT tokens.
Let’s say node A got a token for accessing a resource of account X on behalf of account X. Access includes read/write privileges.
Let’s say few minutes later the node A got compromised.
Nothi… Continue reading What happens if a secure token is provided to a trusted party that gets compromised
I want to build a group chat app where messages are transmitted and stored as securely as they can be, but where the message history is still visible after you or others in the group have changed devices. From my understanding, PFS isn’t p… Continue reading Group Instant Messaging: How to securely store messages on the backend while supporting cross-device message history in a group chat?
Say we have a one-time password authentication system that uses a Merkle tree. Assume that the secret keys are of the form {sk0, sk1, …, sk7}, and at time t = 3 an attacker recovers sk6. Will he/she be able to recover any of the previous… Continue reading Forward secrecy in Merkle trees vs. hash chains
In the Telegram API it is stated that Telegram support Perfect Forward Secrecy in their “secret chats”. It is also stated that
official Telegram clients will initiate re-keying once a key has been used to decrypt and encrypt more than… Continue reading Do the Secret Chats of Telegram really support Perfect Forward Secrecy?
Why does the Diffie-Hellman algorithm have the perfect forward secrecy?
I am writing a decentralized application that lets certain privileged users post messages to other users. These messages should be encrypted so that only the two of them can read it. Messages are posted onto IPFS, so that any… Continue reading Is forward secrecy useful for an application where keeping message history is an integral part?