ustulation
commented
5 years ago Ah the question's answered there now. So it seems it's only from a forward-secrecy point of view that it's recommended to have ephemeral DH keys. Otherwise there's no other reason (like it becomes more susceptible to attack theoretically etc.) . That is all I was after. If anybody has anything more on this pls let me know else feel free to close this. I'll close this issue in a day or two if no one else closes.
Hi, Since contributors here deal a lot with implementation of the cryptographic primitives, I was wondering if some of you also have an opinion on the question posted here.
To expand that link here:
In
X25519(ECDHoverCurve25519) Peer A and B exchange their Public KeysPkA and PkBand then calculate a shared-secretSecABusingcombinationOf(SkA, PkB) == combinationOf(SkB, PkA).For forward secrecy, I think it's recommended for A and B to re-negotiate a new shared-secret regularly (thus advertise new Public Keys).
Leaving that aside is there any other disadvantage if A uses the same Public Key that they have with everyone to get corresponding shared-secret VS if they use new Public Key with each new peer ?
In other words:
PkAto all,B,C,D..., and as usual calculates shared-secret usingPkB,PkC,PkDasSecAB,SecAC,SecADand so on and uses those to encrypt/decrypt messages to the corresponding peers.PkABtoB,PkACtoC,PkADtoDand so on. Then, just like before, calculate the shared-secret after using Public Keys of the corresponding peers asSecAB,SecAC,SecADand so on.Is
1.above less secure in context of howX25519(and its maths) works than2.? Or is it just wasteful to do2.and1.is equally good ?Thanks !