Privacy

29872 readers

1993 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 4 years ago

MODERATORS

So, I'm interested how the implementation of "Perfect Forward Secrecy" in Signal looks like, like does every messages has a different encryption key? or does it change over time like [#whatsapp](https (infosec.exchange)

submitted 10 months ago* (last edited 10 months ago) by voxel@infosec.exchange to c/privacy@lemmy.ml

3 comments fedilink hide all child comments

Thats why I'm asking, does anyone of you know smth about this and maybe can provide a link to a official source?

#signal #signalapp #privacy #encryption @signalapp @SignalUpdateInfo @privacy

top 3 comments

sorted by: hot top controversial new old

[–] solrize@lemmy.ml 0 points 10 months ago (1 children)

Don't know about Signal but the way PFS usually works is there is something like a Diffie-Hellman (DH) key exchange. Each person generates a random (private) number, remembers it, crunches it mathematically into a public number, and sends the public number to the other person. Each then combines their private number with the public number that they got from the other person, and this (because of how DH works) cleverly gives both people the same secret number they use for the encryption, but the secret can't be reconstructed without knowing at least one of the private numbers. Finally, the PFS part is simply that each person permanently deletes both the shared secret and the private number they generated for that exchange (they will create new ones next time they want to communicate). That means there is no way to reconstruct the secret and re-decrypt the message.

Of course, authentication also has to be added to all this.

For more info, probably easiest to look up Diffie-Hellman key exchange online.

[–] sexy_peach@feddit.de 0 points 10 months ago (1 children)

Diffie-Hellman is only a key exchange protocol and does not provide forward secrecy. Imagine that my and your client figure out our shared secred (key) with DH, then encrypt our chat with that. If someone breaks only a bit of our traffic, then they can read newer messages as well.

https://en.wikipedia.org/wiki/Forward_secrecy

Forward secrecy means that at any point messages are encrypted with keys that aren't reused forever, which means if an attacker can intercept traffic and read a bit, or crack the encryption, that they don't automatically get access to our future conversation as well.

[–] solrize@lemmy.ml 2 points 8 months ago

The PFS comes from deleting the secret DH parameters after you are done using them.