Perfect Forward Secrecy
What is Perfect Forward Secrecy?
Perfect Forward SecrecyA protocol property ensuring that the compromise of long-term keys does not allow decryption of past session traffic.
Perfect Forward Secrecy (PFS, also called simply forward secrecy) is a property of key-exchange protocols guaranteeing that the compromise of a server's long-term private key in the future does not expose previously recorded sessions. It is achieved by deriving each session key from ephemeral key pairs — typically (EC)DHE — that are discarded after the handshake, so even if an attacker later steals the server certificate's private key or records all traffic, they cannot recover the session keys. TLS 1.3 mandates PFS by using ECDHE for every handshake and removing static-RSA key exchange; Signal, WireGuard, and SSH also enforce forward secrecy. PFS is essential against "harvest now, decrypt later" attacks, including those motivated by future quantum capabilities.
● Examples
- 01
TLS 1.3 establishes session keys with ECDHE over X25519, providing forward secrecy by default.
- 02
WireGuard's Noise IK handshake uses ephemeral Curve25519 keys for forward secrecy.
● Frequently asked questions
What is Perfect Forward Secrecy?
A protocol property ensuring that the compromise of long-term keys does not allow decryption of past session traffic. It belongs to the Cryptography category of cybersecurity.
What does Perfect Forward Secrecy mean?
A protocol property ensuring that the compromise of long-term keys does not allow decryption of past session traffic.
How do you defend against Perfect Forward Secrecy?
Defences for Perfect Forward Secrecy typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Perfect Forward Secrecy?
Common alternative names include: Forward Secrecy, PFS.