Closed ustulation closed 4 years ago
Ah the question's answered there now. So it seems it's only from a forward-secrecy point of view that it's recommended to have ephemeral DH keys. Otherwise there's no other reason (like it becomes more susceptible to attack theoretically etc.) . That is all I was after. If anybody has anything more on this pls let me know else feel free to close this. I'll close this issue in a day or two if no one else closes.
Hi, Since contributors here deal a lot with implementation of the cryptographic primitives, I was wondering if some of you also have an opinion on the question posted here.
To expand that link here:
In
X25519
(ECDH
overCurve25519
) Peer A and B exchange their Public KeysPkA and PkB
and then calculate a shared-secretSecAB
usingcombinationOf(SkA, PkB) == combinationOf(SkB, PkA)
.For forward secrecy, I think it's recommended for A and B to re-negotiate a new shared-secret regularly (thus advertise new Public Keys).
Leaving that aside is there any other disadvantage if A uses the same Public Key that they have with everyone to get corresponding shared-secret VS if they use new Public Key with each new peer ?
In other words:
PkA
to all,B
,C
,D
..., and as usual calculates shared-secret usingPkB
,PkC
,PkD
asSecAB
,SecAC
,SecAD
and so on and uses those to encrypt/decrypt messages to the corresponding peers.PkAB
toB
,PkAC
toC
,PkAD
toD
and so on. Then, just like before, calculate the shared-secret after using Public Keys of the corresponding peers asSecAB
,SecAC
,SecAD
and so on.Is
1.
above less secure in context of howX25519
(and its maths) works than2.
? Or is it just wasteful to do2.
and1.
is equally good ?Thanks !