encryption: What's Perfect Forward Secrecy?

Perm URL with updates: http://xahlee.info/comp/perfect_forward_secrecy.html

due to the Edward Snowden and NSA fiasco of recent, there's something called Perfect forward secrecy going around.

here's what it means. When you are using Public Key Cryptography (PKC), such as HTTPS protocol, you have public key and private key. For example, when you buy something on Amazon, its public key is in your browser, and its server has its private key.

The point here is that, once the secret key is lost, all is lost. If NSA have saved all your encrypted traffic for years, they may one day ask/get Amazon's secret key, and your life's history is a open book.

Now, PKC with Perfect Forward Secrecy (PFS) doesn't have this problem. Here's a excerpt from Wikipedia:

In an authenticated key-agreement protocol that uses public key cryptography, perfect forward secrecy (or PFS) is the property that ensures that a session key derived from a set of long-term public and private keys will not be compromised if one of the (long-term) private keys is compromised in the future.

… For PFS to exist, the key used to protect transmission of data must not be used to derive any additional keys, ….

however, looks like nobody is using PFS (not any of the banks, etc), except Google in Gmail and perhaps a few others. See these two nice article:

  • Perfect Forward Secrecy can block the NSA from secure web pages, but no one uses it By Michael Horowitz. @ blogs.computerworld.com…
  • The price to pay for perfect-forward secrecy By Nikos Mavrogiannopoulos. @ nmav.gnutls.org…

Note, encryption is extremely complicated business. The above is a very simplified explanation.

For a basic intro, see: Intro to Public-key Cryptography for Sys Admin; What's HTTPS, SSH, SSL, TLS, AES, SHA-1, MD5, ….

Popular posts from this blog

Browser User Agent Strings 2012

11 Years of Writing About Emacs

does md5 creates more randomness?