Another important concept is whether the key is ephemeral. With some key exchange methods, the same key is generated whenever the same parameters are used on both sides. This can create problems, as an intruder could guess the key, or the key could be static and never changed. With ephemeral methods, a different key is used for each connection, so the compromise of a long-term key would not compromise all the corresponding session keys. The problem with the Diffie-Hellman method is that its keys are not ephemeral, so we should avoid it when generating keys.
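The contrast between static and per-connection keys, as an added Python example that is not part of the original page. It uses a toy modular-exponentiation exchange; the group parameters `P` and `G` and all function names are assumptions made for the illustration, and the group is far too small for real use.

```python
import hashlib
import secrets

# Constructed toy group for illustration only; never use parameters this small.
P = 2**127 - 1  # a Mersenne prime
G = 3

def keypair():
    """Return (private, public) in the toy group."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(my_priv, peer_pub):
    """Hash the shared secret into a session key."""
    shared = pow(peer_pub, my_priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).hexdigest()

def run_sessions(n, ephemeral):
    """Run n connections.

    Returns (session keys, client public values an eavesdropper records,
    the server's long-term private key).
    """
    client_static, server_static = keypair(), keypair()
    keys, transcript = [], []
    for _ in range(n):
        # Static mode reuses the long-term pairs; ephemeral mode draws fresh
        # pairs for every connection. (In a real ephemeral protocol the
        # long-term key would only authenticate the exchange.)
        client = keypair() if ephemeral else client_static
        server = keypair() if ephemeral else server_static
        keys.append(session_key(client[0], server[1]))
        transcript.append(client[1])
        # Fresh private values go out of scope here and are never stored.
    return keys, transcript, server_static[0]

def recover_with_leaked_key(transcript, leaked_priv):
    """Keys derivable from recorded traffic plus a leaked long-term key."""
    return [session_key(leaked_priv, pub) for pub in transcript]

if __name__ == "__main__":
    for mode in (False, True):
        keys, transcript, leaked = run_sessions(3, ephemeral=mode)
        recovered = recover_with_leaked_key(transcript, leaked)
        hits = sum(r == k for r, k in zip(recovered, keys))
        print(f"ephemeral={mode}: {len(set(keys))} distinct keys, "
              f"{hits} of {len(keys)} recovered after long-term key leak")
```

With static keys every connection yields the same session key and a leaked long-term key recovers all of them from recorded traffic; with fresh keys per connection each session key is different and the leaked long-term key recovers none.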

Ephemeral Key Agreement