[Discuss] KeePassX
Kent Borg
kentborg at borg.org
Wed Aug 14 07:36:35 EDT 2013
On 08/14/2013 06:34 AM, Jerry Feldman wrote:
> Agreed. But, breaking the session key only works for a single message
> or a single session. If they want to target a specific individual,
> breaking the RSA/DSA keys will give them access to all encrypted
> messages. (within the context is that a sent message is encrypted by
> the recipient's public key),
Yes, breaking the RSA/DSA key will let them read files or e-mails
(effectively a file) encrypted with that public key. But I think that
if you are doing SSL with that public key, the key exchange cannot be
understood by a passive observer, so passively recording the packets
will not let someone later decrypt the exchange.
-kb
More information about the Discuss
mailing list