zenmac 8 days ago
Isn't that why we have PFS now?
gruez 8 days ago
No, PFS is to ensure communications aren't compromised even if the server's private keys are compromised afterwards. It has nothing to do with mitigating known plaintext attacks. That's already mitigated with techniques like randomized IVs.
numpad0 8 days ago
So-called perfect forward secrecy uses temporary keys so that eavesdropped logs can't be decrypted after those keys are discarded. To prevent known-plaintext attacks and/or statistical analysis, data entropy must be equalized so that patterns won't be apparent even before encryption.
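An added example (not from any commenter) illustrating the point made by gruez and numpad0 above: with one fixed IV, encrypting the same plaintext twice yields the same ciphertext, and two ciphertexts XOR to the XOR of their plaintexts, so a known plaintext exposes the other message; a fresh random IV per message removes that relationship. The cipher here is a counter-mode keystream built from HMAC-SHA256 as a stand-in for AES-CTR, and the key and messages are constructed sample values.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Constructed demo key; a real session key would come from the handshake.
KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
# Constructed sample messages sharing a long prefix (a realistic pattern).
MSG_A = b"transfer 100 USD to alice"
MSG_B = b"transfer 999 USD to mallory"


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream using HMAC-SHA256 as the PRF (stand-in for AES-CTR)."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR, truncated to the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, plaintext: bytes, nonce: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (nonce, ciphertext); without an explicit nonce a fresh random one is drawn."""
    if nonce is None:
        nonce = secrets.token_bytes(16)
    return nonce, xor(plaintext, keystream(key, nonce, len(plaintext)))


def decrypt(key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    return xor(ciphertext, keystream(key, nonce, len(ciphertext)))


def fixed_iv_exposure() -> Tuple[bytes, bytes]:
    """One reused IV: c_a XOR c_b == MSG_A XOR MSG_B, so the known MSG_A
    reveals MSG_B's bytes. Returns (c_a, bytes of MSG_B recovered from c_b)."""
    iv = bytes(16)
    _, c_a = encrypt(KEY, MSG_A, iv)
    _, c_b = encrypt(KEY, MSG_B, iv)
    return c_a, xor(xor(c_a, c_b), MSG_A)


def random_iv_distinct() -> bool:
    """Same key and plaintext twice: random IVs give unrelated ciphertexts."""
    n1, c1 = encrypt(KEY, MSG_A)
    n2, c2 = encrypt(KEY, MSG_A)
    return c1 != c2 and decrypt(KEY, n1, c1) == decrypt(KEY, n2, c2) == MSG_A
```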
ajb 7 days ago
No - our actual encryption primitives work better, and don't suffer from this problem. (Other comments give an explanation of what PFS is actually for).