[guardian-dev] ChatSecure & TextSecure

[Alexander Krug]

if i'm not mistaken, this whole "rolling ephemeral keys for async
communication after an initial key exchange" thing is pretty central to
the Briar Transport Protocol, and the folks on the Briar Devel list (
http://sourceforge.net/mailarchive/forum.php?forum_name=briar-devel )
have been at this for quite some time to get it right.

i don't know whether you are aware of their work and vice versa, but i
think Michael Rogers could be an interesting conversation partner on
this topic.

also thanks for what you do, finally got an android phone and now i
actually get to use the apps you make :)

cheers
-k


Nathan of Guardian:
> 
> 
> Jacob Appelbaum <jacob at appelbaum.net> wrote:
>> Nathan of Guardian:
>>> On 08/27/2013 11:17 AM, Abel Luck wrote:
>>>> tl;dr I think we should persist sessions keys on encrypted disk,
>> because
>>>> it's not any less secure.
>>>
>>> I do, as well.
>>
>> You lose backward secrecy in addition to forward secrecy within the
>> window of another party using that session key. We might as well just
>> call that less secure as it is less secure.
>>
>> I think a better answer is to use the extra session key and use it for
>> long term needs and if anything is cached, cache that or a hash of that
>> data.
> 
> I was thinking about that, as well, since are using that key for encrypted data transfer anyhow. It could be used for encryption of async messages sent when the other party is offline past some agreed upon session timeout perhaps.
> _______________________________________________
> Guardian-dev mailing list
> 
> Post: Guardian-dev at lists.mayfirst.org
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
> 
> To Unsubscribe
>         Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
>         Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/guardianproject%40krugar.de
> 
> You are subscribed as: guardianproject at krugar.de
>