An attacker captures the encrypted communication between two parties for a week, but is unable
to decrypt the messages. The attacker then compromises the session key during one exchange
and successfully compromises a single message. The attacker plans to use this key to decrypt
previously captured and future communications, but is unable to. This is because the encryption
scheme in use adheres to:
A.
Asymmetric encryption
B.
Out-of-band key exchange
C.
Perfect forward secrecy
D.
Secure key escrow
A: Really?
In cryptography, forward secrecy (FS; also known as perfect forward secrecy[1]) is a property of secure communication protocols in which compromise of long-term keys does not compromise past session keys.[2] Forward secrecy protects past sessions against future compromises of secret keys or passwords.[3] If forward secrecy is used, encrypted communications and sessions recorded in the past cannot be retrieved and decrypted should long-term secret keys or passwords be compromised in the future, even if the adversary actively interfered.
1
0
True, its perfect forward secrecy
1
0
C
1
0
Asymmetric encryption does not use session keys, it uses the recipient’s public key to encrypt data and the recipient’s private key to decrypt data. It means A is definitely wrong.
Forward secrecy is a property of any key exchange system, which ensures that if one key is compromised, subsequent keys will not also be compromised. Perfect forward secrecy occurs when this process is unbreakable.
The correct answer is C.
1
0