So, I’m interested how the implementation of “Perfect Forward Secrecy” in Signal looks like, like does every messages has a different encryption key? or does it change over time like #whatsapp does? I tried to find any official documention of this, sadly did not find anything.
Thats why I’m asking, does anyone of you know smth about this and maybe can provide a link to a official source?
#signal #signalapp #privacy #encryption @signalapp @SignalUpdateInfo @privacy
Don’t know about Signal but the way PFS usually works is there is something like a Diffie-Hellman (DH) key exchange. Each person generates a random (private) number, remembers it, crunches it mathematically into a public number, and sends the public number to the other person. Each then combines their private number with the public number that they got from the other person, and this (because of how DH works) cleverly gives both people the same secret number they use for the encryption, but the secret can’t be reconstructed without knowing at least one of the private numbers. Finally, the PFS part is simply that each person permanently deletes both the shared secret and the private number they generated for that exchange (they will create new ones next time they want to communicate). That means there is no way to reconstruct the secret and re-decrypt the message.
Of course, authentication also has to be added to all this.
For more info, probably easiest to look up Diffie-Hellman key exchange online.
Removed by mod
The PFS comes from deleting the secret DH parameters after you are done using them.