RPRX
@mzz2017 事实上后向安全是很难得到保证的,TLS 也做不到这一点,但动态更新的密钥为后向安全提供了基本的可能性,这一点比 TLS 强
@QuantumGhost Thanks for your advice. But seems it's not necessary to thumb down my design at first, which is very impolite that everybody can tell.
@fortuna Here's an _Academic Explanation_ In short, this simple mechanism provides: 1. **Synchronized** status, without extra communication. (so this doesn't require protocol change or additional long-term channels) 2. Calculate the...
@QuantumGhost 这个问题很难解决,我只是描述了一个尴尬的事实:由于缺乏前向安全,在国产手机上使用现有的 SS 是风险极高的行为
@QuantumGhost 注意云备份是定期备份,不是实时监控,就这一点而言,TLS 方案比 SS 方案更安全
@wevsty https://en.wikipedia.org/wiki/Forward_secrecy
@DuckSoft y As for this guy @wevsty , seems he doesn't know "what's Forward Secrecy" at all, and totally misunderstands my design. Oh god.
或者我这么说,假设你一开始是在电脑上使用 SS,此时只要你电脑不丢,就是相对安全的 某一天你想在手机上用 SS,扫个二维码,晚上系统给你云端一下,boom,连你电脑的 SS 也跟着不安全了,甚至包括历史通讯
To aviod misunderstanding, new expression: `newkey = hash(oldkey)`