|
|
|
|
|
|
by 1101010010
1160 days ago
|
|
|
> There’s a big difference between identity keys and session keys. It makes total sense to use lots of throw away keys (this is how tls works) but making a new identity key for every message is madness. That's not what happens (new identity for each message) and compromise of a Signal identity key has no impact on message security, unlike GPG. Also it's not how all TLS works; it's how TLS works with perfect secrecy ciphers only. > There is no empirical evidence for how frequently to rotate your identity keys. Certainly not if you refuse to look for it. > A few years ago NIST started recommending never changing passwords unless they are compromised Passwords derive session keys (cookies) which rotate very frequently. You have a lot to learn about computer security, I'm happy to make some reading recommendations if you're sincerely interested. |
|
|