Their protocol doesn't provide any forward secrecy. It uses the PGP protocol model, which is increasingly being seen as an architectural dead end (particularly given the recently revealed ciphertext recording capabilities of the NSA):

https://whispersystems.org/blog/asynchronous-security/




That's not what their FAQ says: https://threema.ch/en/faq.html (scroll down, they specifically claim to provide forward secrecy)

Do you have additional information?


Yikes, that actually looks like potentially deceptive marketing to me.

> "Yes, Threema provides forward secrecy on the network connection. Client and server negotiate temporary random keys, which are only stored in RAM and replaced every time the app restarts (and at least once every 7 days). An attacker who has captured the network traffic will not be able to decrypt it even if he finds out the long-term secret key of the client or the server after the fact."

My reading is that they have an end-to-end secure protocol that does not provide forward secrecy, which happens to be routed through a server which uses HTTPS w/ an ephemeral cipher suite for the network transport, with a TLS session ticket that they rotate the key on every 7 days.

We should ask them for more details, but if true, that would be pretty deceptive of them.


Wow, ok. So, just to be clear, what you're saying is that you're interpreting their claims here as being exclusively related to the network transport; the underlying end-to-end protocol does not use ephemeral keys as far as you know.

If I'm understanding you correctly, and you're understanding them correctly, that is quite deceptive indeed.


Yes, that's what they're doing. I checked them out earlier this year and I remember being disappointed they didn't offer forward secrecy like OTR.



Hello, Mr. Moxie...I was just wondering if I understood you about what you said here...is the PGP model being considered a dead end because of the "store it forever in Utah" model of the NSA? Excuse my ignorance, but don't all public key systems actually end up using a symmetric key to crypt a message and that key doesn't get re-used? How is that different from PFS? (If this is too grade school, a "RTFM" is cool...)
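The question above, and the earlier point about a forward-secret network hop carrying a non-forward-secret end-to-end payload, come down to one structural difference, which the following toy model illustrates. This is an added example, not code from the thread, from Threema, or from PGP/OTR/TextSecure: a small Mersenne prime and an unauthenticated hash-based stream cipher stand in for real primitives (constructed for illustration, far too weak for actual use), and authentication of the ephemeral keys by long-term identity keys is assumed rather than implemented. In both designs the symmetric message key is fresh per message; what differs is whether a recording adversary can recompute that key later from the transcript plus a long-term secret.

```python
"""Toy model of the two key-agreement designs discussed in the thread.

Constructed for illustration only: a small prime and an unauthenticated
hash-based stream cipher stand in for real primitives. Only the key-lifetime
structure is meant to be faithful, not the cryptographic strength.
"""
import hashlib
import hmac
import secrets

P = 2**127 - 1   # M127, a known Mersenne prime; toy modulus, far too small for real use
G = 3            # toy generator


def keygen():
    """Return a (private, public) Diffie-Hellman key pair in the toy group."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def shared_key(priv, other_pub):
    """Derive a 32-byte symmetric key from a DH shared secret."""
    secret = pow(other_pub, priv, P).to_bytes(16, "big")
    return hashlib.sha256(b"toy-kdf" + secret).digest()


def xor_stream(key, data):
    """Toy unauthenticated stream cipher: XOR with HMAC-SHA256 keystream blocks."""
    out = bytearray()
    for block in range((len(data) + 31) // 32):
        ks = hmac.new(key, block.to_bytes(4, "big"), hashlib.sha256).digest()
        chunk = data[block * 32:(block + 1) * 32]
        out.extend(a ^ b for a, b in zip(chunk, ks))
    return bytes(out)


# --- PGP model: each message key is bound to the recipient's LONG-TERM key ---

def pgp_encrypt(recipient_longterm_pub, plaintext):
    """Fresh per-message key, but derived from the recipient's long-term public
    key. The header (eph_pub) is exactly what a recording adversary needs later."""
    eph_priv, eph_pub = keygen()
    key = shared_key(eph_priv, recipient_longterm_pub)
    return eph_pub, xor_stream(key, plaintext)   # sender may forget eph_priv


def pgp_decrypt(recipient_longterm_priv, message):
    eph_pub, ct = message
    return xor_stream(shared_key(recipient_longterm_priv, eph_pub), ct)


def pgp_model_recording_attack(plaintext):
    """Adversary records the ciphertext now and obtains the long-term key later."""
    bob_priv, bob_pub = keygen()
    recorded = pgp_encrypt(bob_pub, plaintext)
    # ... time passes; Bob's long-term private key leaks (seizure, bug, subpoena)
    return pgp_decrypt(bob_priv, recorded)       # recovers the plaintext


# --- Ephemeral DH (OTR/TextSecure style): long-term keys only authenticate ---

def forward_secret_session(plaintext):
    """Both sides use one-time DH keys; the session key never depends on any
    long-term secret. Returns the transcript, the long-term identity keys, and
    the session key the two endpoints hold while the session is alive.
    (Assumption: a real design signs the ephemeral publics with the identity keys.)"""
    alice_id, bob_id = keygen(), keygen()        # long-term identity keys
    a_eph_priv, a_eph_pub = keygen()
    b_eph_priv, b_eph_pub = keygen()
    key = shared_key(a_eph_priv, b_eph_pub)      # equals shared_key(b_eph_priv, a_eph_pub)
    transcript = (a_eph_pub, b_eph_pub, xor_stream(key, plaintext))
    del a_eph_priv, b_eph_priv                   # erased once the session ends
    return transcript, (alice_id, bob_id), key


def attacker_with_long_term_keys(transcript, long_term_keys):
    """Recording plus BOTH long-term private keys: the identity keys were never
    used to derive the session key, so the only available move is to treat them
    as DH secrets, which yields unrelated keys and therefore garbage."""
    a_eph_pub, b_eph_pub, ct = transcript
    (alice_priv, _), (bob_priv, _) = long_term_keys
    guesses = [shared_key(alice_priv, b_eph_pub), shared_key(bob_priv, a_eph_pub)]
    return [xor_stream(k, ct) for k in guesses]


def forward_secret_hop_does_not_help(plaintext):
    """The thread's reading of the FAQ: the client-server hop is forward secret,
    but the end-to-end payload inside it follows the PGP model. The server
    terminates the hop and so holds the inner ciphertext exactly as sent; the
    hop's ephemeral keys protect nothing once Bob's long-term key leaks."""
    bob_priv, bob_pub = keygen()
    inner_eph_pub, inner_ct = pgp_encrypt(bob_pub, plaintext)
    hop, _, hop_key = forward_secret_session(inner_ct)        # client -> server hop
    server_copy = (inner_eph_pub, xor_stream(hop_key, hop[2]))  # server is an endpoint
    return pgp_decrypt(bob_priv, server_copy)    # recovers the plaintext after the leak
```

The difference the thread is after is visible in `pgp_decrypt` versus `attacker_with_long_term_keys`: in the PGP model the per-message key is fresh, but it is a deterministic function of the recorded header and the recipient's long-term private key, so every stored ciphertext becomes readable the day that key is obtained. In the ephemeral design the long-term keys appear nowhere in the key derivation, and the inputs that do appear are erased after the session. `forward_secret_hop_does_not_help` models the layering described earlier: forward secrecy on the transport to the server says nothing about the end-to-end payload, because the server sees that payload in exactly the form the recipient will.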



