glymr glymr_darkmoon at
Tue May 16 09:39:48 UTC 2006

Hash: RIPEMD160

Matej Kovacic wrote:
> OK, the problem is what if authority force you to reveal the keys?
> I am sure you all know this:
> Perfect forward secrecy
>     If you lose control of your private keys, no previous conversation
> is compromised.
> Why not to add aditional feature: to generate keys each time Tor is
> started (or even for each "conversation")?
> Then you have perfect forward secrecy AND also future secrecy (except an
> attacker steals key for each "conversation" at the beginning of it). And
> if keys are not stored anywhere, you can't give them.
> Or this has already been discussed and I am missing something?
> bye, Matej

Problem is that key generation with adequate entropy levels is time and
processor intensive. It all depends on how big your keys are tho. I use
a 4096 bit pgp key and it often takes up to 5 minutes to generate a new
key. With a hardware RNG it's not so bad, but with a software one you
are dependent on stochastic phenomena disrupting the orderliness of the
computer's executions stream.
Version: GnuPG v1.4.3 (MingW32)


More information about the tor-talk mailing list