Encryption: What's Perfect Forward Secrecy?

By Xah Lee. Date:

due to the [ Edward Snowden ] [ https://en.wikipedia.org/wiki/Edward_Snowden ] and NSA fiasco of recent, there's something called [ Perfect forward secrecy ] [ https://en.wikipedia.org/wiki/Perfect_forward_secrecy ] going around. Here's what it means.

When you are using Public Key Cryptography (PKC), such as HTTPS protocol, you have public key and private key. For example, when you buy something on Amazon, its public key is in your browser, and its server has its private key.

The point here is that, once the secret key is lost, all is lost. If NSA have saved all your encrypted traffic for years, they may one day ask/get Amazon's secret key, and your life's history is a open book.

Now, PKC with Perfect Forward Secrecy (PFS) doesn't have this problem. Here's a excerpt from Wikipedia:

In an authenticated key-agreement protocol that uses public key cryptography, perfect forward secrecy (or PFS) is the property that ensures that a session key derived from a set of long-term public and private keys will not be compromised if one of the (long-term) private keys is compromised in the future.

… For PFS to exist, the key used to protect transmission of data must not be used to derive any additional keys, etc.

however, looks like nobody is using PFS (not any of the banks, etc), except Google in Gmail and perhaps a few others. See these two nice article:

Note, encryption is extremely complicated business. The above is a very simplified explanation.

For a basic intro, see: Understanding Public-Key Cryptography for Beginner .