Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice

Strange that they recommend an elliptic-curve based implementation considering it's not quantum resistant.

Wow, people using 512 bit keysizes in 2018??<p>Back in 2014 I got the recommendation to ditch 2048 in favor of 4096.

This is relevant to my interests. Thank God we&#x27;re already using ECC for everything.

I&#x27;m confused... Wasn&#x27;t all that published in 2015 already?<p>Edit: ah it says it right there on this article: The full version of this paper was published in Proceedings of the 22nd Conference on Computer and Communications Security (CCS), October 2015, ACM<p>Mods, maybe add a &quot;2015&quot; to the title?

Working link <a href="http:&#x2F;&#x2F;sci-hub.se&#x2F;downloads&#x2F;17ae&#x2F;10.1145@3292035.pdf" rel="nofollow">http:&#x2F;&#x2F;sci-hub.se&#x2F;downloads&#x2F;17ae&#x2F;10.1145@3292035.pdf</a>

<a href="https:&#x2F;&#x2F;weakdh.org&#x2F;imperfect-forward-secrecy.pdf" rel="nofollow">https:&#x2F;&#x2F;weakdh.org&#x2F;imperfect-forward-secrecy.pdf</a>

<a href="https:&#x2F;&#x2F;dl.acm.org&#x2F;citation.cfm?doid=2810103.2813707" rel="nofollow">https:&#x2F;&#x2F;dl.acm.org&#x2F;citation.cfm?doid=2810103.2813707</a>

localhost? wrong redirect?

So that thing I learned last semester is useless?