Forward Secrecy

The security of communications transmitted across the Internet can be improved by using public key cryptography. However, if the long-term private key used in those communications is later compromised, an attacker who recorded the traffic can recover the data exchanged in that session as well as the data exchanged in previous sessions.

Perfect Forward Secrecy (PFS) is the property that a session key derived from a set of long-term public and private keys will not be compromised if one of the long-term private keys is compromised in the future. Online systems such as IPsec can negotiate new keys for every communication, so if a key is compromised only the specific session it protected is revealed.

Forward Secrecy has been used as a synonym for Perfect Forward Secrecy, but there is a subtle difference between the two. Perfect Forward Secrecy has the additional property that an agreed key will not be compromised even if agreed keys derived from the same long-term keying material in a subsequent run are compromised.


For Perfect Forward Secrecy to exist, the key used to protect transmission of data must not be used to derive any additional keys, and if that key was itself derived from some other keying material, that material must not be used to derive any further keys.

Perfect Forward Secrecy (PFS) refers to the notion that compromise of a single key will permit access only to the data protected by that single key. To protect stored data (especially passwords) it is recommended that you use a derived key to encrypt the data. Using PBKDF2 (Password-Based Key Derivation Function 2) can mitigate brute-force cracking attempts.
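The following Python program is an added example, not part of the original article, contrasting the two key-agreement styles described above: a static Diffie-Hellman exchange in which both parties reuse their long-term keys (no forward secrecy) and an ephemeral exchange (DHE) in which fresh keys are generated per session and the long-term keys only authenticate them. It also shows the PBKDF2 storage-key derivation mentioned in the preceding paragraph. The modulus, the SHA-256 "KDF", the HMAC stand-in for a signature and all function names are assumptions made for illustration; they are not a standard protocol or group.

```python
import hashlib
import hmac
import secrets

# Illustrative finite-field Diffie-Hellman parameters (an assumption of this
# example). 2**255 - 19 is prime, but this is NOT a standardised DH group;
# real deployments use an RFC 7919 group or ECDHE (P-256, X25519).
P = 2**255 - 19
G = 2


def dh_keypair():
    """Return (private exponent, public value) for a freshly generated DH key."""
    priv = secrets.randbelow(P - 3) + 2          # uniform in [2, P-2]
    return priv, pow(G, priv, P)


def session_key(own_priv, peer_pub):
    """Derive a 32-byte session key from the DH shared secret (SHA-256 as a toy KDF)."""
    shared = pow(peer_pub, own_priv, P)
    return hashlib.sha256(b"toy-dh-kdf" + shared.to_bytes(32, "big")).digest()


class LongTermKey:
    """A party's long-lived key pair: the thing an attacker may steal later."""

    def __init__(self):
        self.priv, self.pub = dh_keypair()


def static_dh_session(alice, bob):
    """No forward secrecy: both sides reuse their long-term DH keys for every session.
    Returns the session key and what a passive recorder sees on the wire."""
    key = session_key(alice.priv, bob.pub)
    assert key == session_key(bob.priv, alice.pub)      # both sides agree
    transcript = {"alice_pub": alice.pub, "bob_pub": bob.pub}
    return key, transcript


def ephemeral_dh_session(alice, bob):
    """Forward secrecy (DHE): fresh DH keys for this session only. The long-term
    keys authenticate the ephemeral public values and never enter the derivation."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    # Authentication stand-in: an HMAC under the long-term private key. A real
    # protocol uses a digital signature here (e.g. the RSA part of ECDHE_RSA).
    a_tag = hmac.new(alice.priv.to_bytes(32, "big"), a_pub.to_bytes(32, "big"), "sha256").digest()
    b_tag = hmac.new(bob.priv.to_bytes(32, "big"), b_pub.to_bytes(32, "big"), "sha256").digest()
    key = session_key(a_priv, b_pub)
    assert key == session_key(b_priv, a_pub)
    transcript = {"alice_pub": a_pub, "bob_pub": b_pub, "alice_tag": a_tag, "bob_tag": b_tag}
    # a_priv and b_priv go out of scope here: PFS requires the ephemeral secrets
    # to be destroyed once the session key has been derived.
    return key, transcript


def attacker_guess(transcript, stolen_bob_priv):
    """What a recorder can compute after later stealing Bob's long-term private key."""
    return session_key(stolen_bob_priv, transcript["alice_pub"])


def demonstrate():
    """Run both protocols twice and report what Bob's key compromise reveals."""
    alice, bob = LongTermKey(), LongTermKey()
    k1, t1 = static_dh_session(alice, bob)
    k2, _ = static_dh_session(alice, bob)
    e1, te1 = ephemeral_dh_session(alice, bob)
    e2, _ = ephemeral_dh_session(alice, bob)
    return {
        "static_key_repeats": k1 == k2,                              # True: same key every session
        "static_key_recovered": attacker_guess(t1, bob.priv) == k1,  # True: past traffic exposed
        "ephemeral_key_repeats": e1 == e2,                           # False: unique per session
        "ephemeral_key_recovered": attacker_guess(te1, bob.priv) == e1,  # False: PFS holds
    }


def derive_storage_key(password: bytes, salt: bytes, iterations: int = 600_000) -> bytes:
    """Key for encrypting stored data, derived from a password with PBKDF2-HMAC-SHA256.
    The salt must be random and unique per record; the iteration count slows guessing."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=32)


if __name__ == "__main__":
    for name, outcome in demonstrate().items():
        print(f"{name}: {outcome}")
    print("storage key:", derive_storage_key(b"correct horse", secrets.token_bytes(16)).hex())
```

The transcript is everything a network observer could have recorded. With static keys the observer needs only one stolen long-term private key to regenerate every session key; with ephemeral keys the stolen long-term key lets them forge future authentications but not recover any past session key, which is exactly the property the article defines.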

Google uses forward secrecy, and has confirmed that forward secret HTTPS is used for Gmail and many other Google HTTPS services such as SSL Search, Docs and Google+. Users of the Chrome web browser can check whether they have forward secret connections by clicking on the green padlock in the address bar of HTTPS sites. Google's forward secret connections use the ECDHE_RSA key exchange mechanism, which is based on Elliptic Curve Diffie-Hellman Ephemeral (ECDHE) key exchange. In November 2013 Twitter confirmed that it had implemented Forward Secrecy on all of its web sites and API feeds.

Enabling forward secrecy on a web server is achieved by configuring it to prefer ECDHE and DHE cipher suites, placing them at the top of its cipher list. You can check your server using the Qualys SSL Server Test.
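As an added example (not from the article, and not any particular server's configuration), the Python program below builds a server-side TLS context using the standard library's ssl module with ECDHE and DHE suites first and static-RSA key exchange excluded, and includes a small local audit that lists any enabled suite whose key exchange would not give forward secrecy. The cipher preference string, the function names and the name-prefix rule used by the audit are assumptions of this example; the audit only inspects the local configuration and is not a substitute for an external scan such as the Qualys test.

```python
import ssl

# Assumed cipher preference: ephemeral key exchange first, static RSA key
# exchange (kRSA) excluded. TLS 1.3 suites are always forward secret and are
# managed separately by OpenSSL, so they remain enabled regardless of this list.
FORWARD_SECRET_CIPHERS = (
    "ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:DHE+CHACHA20:!aNULL:!eNULL:!kRSA"
)


def forward_secret_context(ciphers=FORWARD_SECRET_CIPHERS):
    """Server-side SSLContext that only negotiates forward-secret key exchange."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(ciphers)
    # Make the server's order win, so ECDHE/DHE come first even if the client
    # lists weaker suites ahead of them.
    ctx.options |= ssl.OP_CIPHER_SERVER_PREFERENCE
    return ctx


def make_server_context(certfile, keyfile, dhparams=None):
    """Load credentials; dhparams is an optional PEM file (e.g. an RFC 7919 group)
    that enables the DHE suites. Paths are supplied by the caller."""
    ctx = forward_secret_context()
    ctx.load_cert_chain(certfile, keyfile)
    if dhparams:
        ctx.load_dh_params(dhparams)
    return ctx


def is_forward_secret(cipher_name):
    """OpenSSL naming: ECDHE-*/DHE-* use ephemeral key exchange; TLS_* names are
    TLS 1.3 suites, which always use ephemeral key exchange."""
    return cipher_name.startswith(("ECDHE-", "DHE-", "TLS_"))


def non_forward_secret_suites(ctx):
    """Names of enabled suites whose key exchange would not give forward secrecy."""
    return [c["name"] for c in ctx.get_ciphers() if not is_forward_secret(c["name"])]


def audit(cipher_string):
    """Build a context from an OpenSSL cipher string and return the suites that
    would break forward secrecy; an empty list means the list is clean."""
    return non_forward_secret_suites(forward_secret_context(cipher_string))


if __name__ == "__main__":
    print("hardened list, non-PFS suites:", audit(FORWARD_SECRET_CIPHERS))
    print("permissive list, non-PFS suites:", audit("ALL:!aNULL"))
```

After a connection is established, `SSLSocket.cipher()` returns the negotiated suite name, so the same `is_forward_secret` check can be applied on the client side to confirm that a live connection actually used ECDHE or DHE.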

This article is licensed under the GNU Free Documentation License. It uses material from the Wikipedia article "Perfect forward secrecy".