[messaging] Forward secrecy and multiple devices

Ximin Luo infinity0 at pwned.gg
Fri Oct 31 09:10:16 PDT 2014

On 31/10/14 15:50, Moxie Marlinspike wrote:
> 4) Device 'A' can use a regular axolotl session to transmit existing
> message history to device 'B'.

"axolotl is forward-secret" doesn't mean "the entire application is forward-secret".

The fact that the device stores message history, reduces the effectiveness of having sent the message through a forward-secret scheme like axolotl - an attacker who can compromise the long-term key can just compromise the history itself.

Now, one can argue "it's harder to exfiltrate the entire message history than a few keys", especially if the message history is large. But still, this is going outside of typical "forward secrecy" concerns.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20141031/16f6f0f0/attachment.sig>

More information about the Messaging mailing list