by spapas82
1762 days ago
Yes, there's no PFS in ETSD. The data is encrypted with the recipient's public key, as is normal in PGP, so if the private key is compromised then the malicious user can decrypt all messages that were encrypted with that key (if he also gets access to the server holding the ciphers, of course). We wanted to use PGP because it's a well-known and heavily tested solution. Also, the openpgp.js library is great and makes it really easy to encrypt/decrypt the messages on the client side without the need to really mess with security stuff. Finally, the users would want to have access to their old messages in the future, so using ephemeral keys for each transmission wasn't really possible.