Skip to content
This repository has been archived by the owner on Aug 19, 2021. It is now read-only.

Perfect Forward Secrecy

Jump to bottom
Michael Farb edited this page Nov 21, 2014 · 3 revisions

There are 2 ways that one of your contacts may not be using the key you have verified: willingly and against their will. When your contact's key is used by someone else against their will, this is either theft or coercion.

Stolen Keys

If your passphrase-protected key has been discovered due to brute-force attack on a weak passphrase, or by malicious hardware and/or operating systems how can we secure past communications for these keys? Designs for a feature to protect against this are forthcoming, please let know if you'd like to collaborate.

Off-The-Record

SafeSlinger does not currently implement the OTR protocol as a method of perfect forward secrecy using ephemeral keys. OTR works best for synchronous messaging and currently SafeSlinger's messaging is asynchronous, so it would be a challenging design. We are definitely encouraged however, by the TextSecure design to accomplish this. We are actively seeking to add our improved key verification method to tools which already use OTR. If you want to collaborate on an improved key verification method for your OTR messaging system, please contact us: [email protected].

Clone this wiki locally