In cryptography, some ciphers may be labelled with the acronym PFS.
This stands for Perfect Forward Secrecy.
Some implementations may simply refer to PFS as FS.
This acronym means Forward Secrecy or Forward Secure.
In any case, they all talk about the same thing.
Understanding what Perfect Forward Secrecy means requires you to understand the basics of cryptographic key exchange.
Cryptography basics
To communicate securely the ideal solution is to use symmetric encryption algorithms.
These are fast, much faster than asymmetric algorithms.
They do, however, have a fundamental problem: both parties need the same key, and that key has to get from one party to the other somehow.
As such, it's crucial that you be able to secure the channel first.
This is done using asymmetric cryptography in practice.
To secure an insecure channel, a process called Diffie-Hellman key exchange is performed.
Alice and Bob each generate a key pair and send each other their public keys.
Bob then combines his private key with Alice's public key to generate a secret; Alice combines her private key with Bob's public key and arrives at the same value.
This secret can then be used as the encryption key for a fast symmetric encryption algorithm.
Websites have a certificate, signed by a certificate authority.
This certificate includes a public key, for which the server has the private key.
If an interested, malicious party wanted to decrypt the encrypted data, they'd have a hard time of it.
A cryptographic system, however, is only as secure as its key: if the server's private key is compromised, every session negotiated with that key can be decrypted.
Exploiting this obviously has some large requirements.
First, the key needs to be compromised.
The attacker also needs a copy of any encrypted traffic that they want to decrypt.
For your average attacker, these are quite difficult requirements.
Perfect Forward Secrecy
The solution to this is to not use the same encryption key for everything.
Instead, you want to use ephemeral keys.
Perfect forward secrecy requires the server to generate a new asymmetric key pair for each connection.
The certificate is still used for authentication but is not actually used for the key negotiation process.
The private key is kept in memory only long enough to negotiate the secret before being wiped.
Likewise, the secret is only kept for as long as it's in use before it is cleared.
In particularly long sessions, it may even be renegotiated.
Tip: In cipher names, ciphers featuring Perfect Forward Secrecy are typically labelled with DHE or ECDHE.
The DH stands for Diffie-Hellman, while the E on the end stands for Ephemeral.
As such, perfect forward secrecy provides broad protection against blanket capture of web traffic.
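The ephemeral exchange described above, as an added example that is not part of the original article: a toy finite-field Diffie-Hellman in Python, contrasting a server that reuses its certificate's key pair for every negotiation with one that makes a fresh pair per session, and showing what a later compromise of the long-term private key lets someone recompute from a recorded transcript. The 64-bit safe-prime group and the handshake and recover_after_key_compromise functions are constructed here for illustration and are not a real TLS implementation.

```python
import hashlib, secrets

def is_probable_prime(n):
    # Miller-Rabin with 32 random bases for odd n >= 5; plenty for a demonstration group
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(32):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def make_group(bits=64):
    # Toy safe prime p = 2q + 1, constructed here; real deployments use RFC 7919 groups or ECDHE
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1, 4   # g = 4 = 2^2 is a square, so it generates the order-q subgroup

P, G = make_group()

def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2           # private exponent never leaves this side
    return priv, pow(G, priv, P)                  # public value is what crosses the wire

def dh_shared(priv, peer_pub):                    # our private key with the peer's public value
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(8, "big")).hexdigest()

def handshake(server_long_term, ephemeral):
    client_priv, client_pub = dh_keypair()
    # DHE: fresh server pair for this session only; static mode reuses the certificate's key every time
    server_priv, server_pub = dh_keypair() if ephemeral else server_long_term
    session_key = dh_shared(client_priv, server_pub)
    assert session_key == dh_shared(server_priv, client_pub)   # both ends derive the same secret
    del client_priv, server_priv                  # private exponents wiped once the secret exists
    return session_key, {"client_pub": client_pub, "server_pub": server_pub}   # public values only on the wire

def recover_after_key_compromise(server_long_term, transcript):
    # Long-term private key plus a recorded transcript recovers the session key only if that key produced server_pub
    long_priv, long_pub = server_long_term
    if transcript["server_pub"] != long_pub:
        return None                               # ephemeral exponent is gone; nothing to recompute
    return dh_shared(long_priv, transcript["client_pub"])
```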
Conclusion
Perfect Forward Secrecy is a tool to protect against blanket historical surveillance.
PFS ensures that each session uses unique ephemeral keys.