[guardian-dev] ChatSecure & TextSecure

Jacob Appelbaum jacob at appelbaum.net
Fri Aug 30 01:14:07 EDT 2013


Nathan of Guardian:
> On 08/27/2013 11:17 AM, Abel Luck wrote:
>> tl;dr I think we should persist session keys on encrypted disk, because
>> it's not any less secure.
> 
> I do, as well.

You lose backward secrecy in addition to forward secrecy within the
window of another party using that session key. We might as well just
call that less secure as it is less secure.

I think a better answer is to use the extra session key and use it for
long term needs and if anything is cached, cache that or a hash of that
data.

All the best,
Jake

