On Wed, Sep 18, 2013 at 10:22 AM, Michael Rogers <[email protected]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 18/09/13 17:27, Trevor Perrin wrote: >> Hmm, I would've thought clocks are *less* reliable than storage on >> most devices. > > That may be true, but this isn't a choice between relying on the clock > or relying on storage. It's a choice between relying on both, or > relying only on the clock.
A quick glance at Briar makes it looks like it already uses local storage: > >> Certainly this has worse forward-secrecy than updating keys >> per-message, as keys for old ciphertext are kept around for some >> period. > > Yes, updating keys per-message would be preferable if we could assume > an ongoing two-way exchange of messages. For OTR's instant messaging > use case that's a reasonable assumption. For Briar's use case it's not. > > Cheers, > Michael > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.10 (GNU/Linux) > > iQEcBAEBAgAGBQJSOeFqAAoJEBEET9GfxSfMJFEH/jnyd3SAYKhNAhQVFOYlvyy1 > zckK4VQClQPEOwRcidSud9zSxblRQXQGJSO+pB23niHgpbomzDx7fc5jKlShF/yt > sZ8qJ2gj13xZey0rp+DWK3DCcKq0erEbDd58bngJsHtFoVyjYpsZKfMi8Mqhl3iN > 2QvEXkwkUzVTSX8bks30WRgGAObimvEHAOU7eOY32xZgy/l2VwUDOws5fd0lc5+p > +HcEQLyckkSZnaF6C/vXa6jbNYigRLzR+UslIVnshg1BWrgShxe+f+2TtWhLDNqD > 1y0vRdhW+JzQYcwmmTQyHpKGl5qCQ6vmkYxdmsm6JvGLFR06q+FG8thaWE/VCU4= > =hmqv > -----END PGP SIGNATURE----- _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
