Comment on Why Signal’s post-quantum makeover is an amazing engineering achievement
ignirtoq@fedia.io 6 months ago
While a TLS uses the same key throughout a session, keys within a Signal session constantly evolve.
What are we defining as a "session" for Signal? The vast majority of TLS sessions exist for the duration of pulling down a web page. Dynamically interact with that page? New HTTP request backed by a new TLS session. Sure, there are exceptions like WebSockets, but by and large TLS sessions are often short.
Is a Signal session the duration of sending a single message? An entire conversation? The entire time you have someone in your address book? It doesn't seem like an apples-to-apples comparison.
I think the biggest thing here is that beyond just a session key (to make sessions secure from each other), this approach uses a rotating session key. That means each transaction in a sesssion is unique ensuring forward and backward secrecy.
I may have read it wrong plus cybersecurity is not my forte.
Valmond@lemmy.world 5 months ago
Isn’t asymmetric used for the handshake only? And then like AES or something which have evolving keys (and are quite quantum resistant).