[146889] in cryptography@c2.net mail archive
Re: [Cryptography] Why prefer symmetric crypto over public
daemon@ATHENA.MIT.EDU (Christian Huitema)
Mon Sep 9 08:56:34 2013
X-Original-To: cryptography@metzdowd.com
From: "Christian Huitema" <huitema@huitema.net>
To: "'Peter Saint-Andre'" <stpeter@stpeter.im>
In-Reply-To: <522D00CD.6050400@stpeter.im>
Date: Sun, 8 Sep 2013 21:29:35 -0700
Cc: 'John Kelsey' <crypto.jmk@gmail.com>, 'Crypto' <cryptography@metzdowd.com>,
'Jon Callas' <jon@callas.org>, "'Naif M. Otaibi'" <otaibinm@gmail.com>,
'Jaap-Henk Hoepman' <jhh@cs.ru.nl>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
>> I am certainly not going to advocate Internet-scale KDC. But what
>> if the application does not need to scale more than a "network of
>> friends?"
>
> A thousand times yes.
There is however a little fly in that particular ointment. Sure, we can develop system that manage pairwise keys, store them safely, share them between several user devices. But what about PFS? Someday, the pairwise key will be compromised, and the NSA will go back to the archives to decrypt everything. We could certainly devise a variant of DH that use the pairwise key to verify the integrity of the session keys, but that brings the public key technology back in the picture. Maybe I am just ignorant, but I don't know how to get PFS using just symmetric key algorithms. Does someone know better?
- -- Christian Huitema
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.20 (MingW32)
Comment: Using gpg4o v3.1.107.3564 - http://www.gpg4o.de/
Charset: utf-8
iQEcBAEBAgAGBQJSLU6uAAoJELba05IUOHVQ32QH/jVt7j/FpZXc7G07fvfu8/ij
4h53Vn0dfNZmX+XLNX3yILizSz712bGEGWVnq7nPh1IB9JEbYu0lFJxzXbZB6Cv1
Owu+QKnJ1NgctggwKkaCwOELFPNEZ1amzu3f+Haxrq9knv/H2/mykpLPyRR0IU8T
8KFoud1rg7nffIW+flkEGVGgcExibjXOd8H7+/q6Mu6u4/aVJ4O3m2c1sv0kLhl3
gPIeoD8LlRBERUslkqF/jEv6PVgByLD8D94/f7wJ34e9RZQNILPH2dGdck02G/vK
IimsR7K/9cB0KhNnIIqCnmxYSvm7KU97h6ejm5lyyZPTtnoDPjfEU+0w7vl5uMs=
=ze/o
-----END PGP SIGNATURE-----
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
