Questions tagged [future-secrecy]

A protocol is said to have future-secrecy (or post-compromise security) if compromising the master keys does not allow compromising future sessions. This is a counterpart to forward-secrecy, which is about protecting past sessions.

A protocol is said to have future-secrecy (or post-compromise security) if compromising the master keys does not allow compromising future sessions. This is a counterpart to forward-secrecy, which is about protecting past sessions.

2 questions

votes

1 answer

How does future secrecy fail for Signal group messaging?

In the paper More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema, the abstract claims that We additionally show that strong security properties, such as Future Secrecy which is a core part of the …

asked Sep 01 '18 at 02:47

rlee827

votes

1 answer

Does Off-The-Record protocol provide future (backward) secrecy?

I know Signal provides future (backward) secrecy, and that it is based on Off-The-Record protocol. However, does OTR by itself also provide future secrecy?

protocol-design forward-secrecy future-secrecy

asked Dec 11 '18 at 23:26

fraiser