top | item 45638003

(no title)

colmmacc | 4 months ago

No, this absolutely is not how forward secrecy works in TLS. Forward secrecy protects against a break in the signature algorithm, but not in the key agreement algorithms.

Both the FFDH and ECDH key agreement algorithms are vulnerable to quantum crypt-analysis; someone capturing traffic today could later break that agreement and then decrypt the data. An attacker would have to capture the entire session up to the "point of interest" though.

This is why FFDH/ECDH are being augmented with Post-Quantum secure KEMs.

discuss

No comments yet.