[messaging] Forward secrecy and multiple devices
infinity0 at pwned.gg
Fri Oct 31 09:10:16 PDT 2014
On 31/10/14 15:50, Moxie Marlinspike wrote:
> 4) Device 'A' can use a regular axolotl session to transmit existing
> message history to device 'B'.
"axolotl is forward-secret" doesn't mean "the entire application is forward-secret".
The fact that the device stores message history, reduces the effectiveness of having sent the message through a forward-secret scheme like axolotl - an attacker who can compromise the long-term key can just compromise the history itself.
Now, one can argue "it's harder to exfiltrate the entire message history than a few keys", especially if the message history is large. But still, this is going outside of typical "forward secrecy" concerns.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: OpenPGP digital signature
More information about the Messaging