An Improved E-Mail Security Protocol
B. Schneier and C. Hall
13th Annual Computer Security Applications Conference, ACM Press, December 1997, pp. 232-238.
Current e-mail security systems base their security on the secrecy of the long-term private key. If this private key is ever compromised, an attacker can decrypt any messages--past, present, or future--encrypted with the corresponding public key. The system described in this paper uses short-term private-key/public-key key pairs to reduce the magnitude of this vulnerability.
Photo of Bruce Schneier by Per Ervland.
Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..