Alkema: Misconceptions about forward-secrecy
Thijs Alkema has posted a blog entry addressing several common misconceptions about forward secrecy. Included in the discussion are a debunking of the notion that using more keys results in greater difficulty breaking the encryption ("To break a number of Diffie-Hellman negotiated keys all using the same Diffie-Hellman group, a number of different attacks are known. Many of these scale pretty well in the number of sessions.") and a look at the notion that forward secrecy makes it impossible to break future sessions. "The first two steps do not use the key at all; their result can be stored for later use to decrypt future keys. There is a trade-off here, though: the larger the factor base, the slower the first and second stages are, but the faster the third stage is. It’s unlikely that it is worth the effort to make the third stage as efficient as decrypting a session with an RSA private key is, but it’s not impossible."
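The following is an added illustration, not code from Alkema's post: a toy baby-step giant-step discrete logarithm on a constructed 20-bit prime (p = 1000003, base 2, both assumptions chosen here) split into a stage that never touches a session key and a cheap per-key stage. It stands in for the index-calculus stages quoted above and shows the same two properties: the key-independent work is done once and reused against every session made in that group, including sessions that do not exist yet, and a larger stored table (the analogue of a larger factor base) makes the one-time stage slower and the per-key stage faster. The defender's takeaway is that group size and avoiding widely shared small groups are what limit this, not the number of keys negotiated.

```python
# Added example (not from Alkema's post): a toy baby-step giant-step (BSGS)
# discrete log on a small prime, split into a key-independent precomputation
# and a cheap per-session stage, showing why many sessions in one group cost
# little more than one. Defender's takeaway: group size and not reusing a
# small common group are what matter, not how many keys were negotiated.
import random

# Constructed toy parameters: a 20-bit prime and base 2. Real deployments use
# groups of 2048 bits or more precisely so that no such table is feasible.
P = 1000003
G = 2


def bsgs_precompute(g, p, m):
    """Stage 1: table of g^j mod p for 0 <= j < m. Uses no session key, so it
    is built once and stored. Cost and storage grow with m (the table plays
    the role of the factor base in the quoted description)."""
    table = {}
    cur = 1
    for j in range(m):
        table.setdefault(cur, j)
        cur = cur * g % p
    return table


def bsgs_solve(g, p, m, table, h):
    """Stage 2, per key: find x with g^x == h (mod p) by writing x = i*m + j
    and checking whether h * g^(-i*m) is a stored baby step. About (p-1)/m
    giant steps, so a larger table makes this stage faster."""
    step = pow(g, -m, p)  # g^(-m) mod p (Python 3.8+ modular inverse)
    gamma = h % p
    for i in range((p - 1) // m + 2):
        j = table.get(gamma)
        if j is not None:
            return i * m + j
        gamma = gamma * step % p
    return None


def make_sessions(count, rng):
    """Constructed ephemeral DH sessions in the same group: returns
    (alice_pub, bob_pub, shared) triples. The shared value is what a passive
    observer never sees and what the precomputation lets an attacker recover."""
    sessions = []
    for _ in range(count):
        a = rng.randrange(1, P - 1)
        b = rng.randrange(1, P - 1)
        a_pub, b_pub = pow(G, a, P), pow(G, b, P)
        sessions.append((a_pub, b_pub, pow(b_pub, a, P)))
    return sessions


def recover_shared_keys(public_pairs, m=2000):
    """Observer's view: only the public values. One precomputation, then a
    short solve per session; per-session cost does not grow with the number
    of sessions, and the same table serves sessions negotiated later."""
    table = bsgs_precompute(G, P, m)
    recovered = []
    for a_pub, b_pub in public_pairs:
        a = bsgs_solve(G, P, m, table, a_pub)
        recovered.append(None if a is None else pow(b_pub, a, P))
    return recovered


def stage_costs(p, m):
    """Rough work per stage: m baby steps once, ceil((p-1)/m) giant steps
    per key. Raising m trades a slower one-time stage for faster per-key work."""
    return m, -(-(p - 1) // m)


def demo(count=5, seed=7):
    """Build `count` sessions from a fixed seed and return (real, recovered)
    shared-key pairs, so the result can be checked without randomness."""
    sessions = make_sessions(count, random.Random(seed))
    got = recover_shared_keys([(a, b) for a, b, _ in sessions])
    return [(real, rec) for (_, _, real), rec in zip(sessions, got)]


if __name__ == "__main__":
    for real, rec in demo():
        print(real, rec, "ok" if real == rec else "MISS")
    print("stage costs (m, giant steps per key):", stage_costs(P, 2000))
```

Raising `m` in `recover_shared_keys` shows the trade-off Alkema describes: the table takes longer to build and more memory to store, but each later session falls faster. At 20 bits the whole exercise is instantaneous; the point of a 2048-bit or larger group, and of not sharing one fixed group across an entire population, is to push that one-time stage out of reach.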
