Perfect Forward Secrecy protects past sessions against future compromises of secret keys or passwords.
If Perfect Forward Secrecy is implemented, encrypted communications recorded in the past cannot be retrieved and decrypted should long-term secret keys or passwords be compromised in the future.Authentication only matters while the communication is established, but the encryption is expected to last for years.
Perfect Forward Secrecy is an enhanced version of forward secrecy. Perfect Forward Secrecy assumes each exchanged key, the Authentication and Encryption keys, are independent and therefore a compromised key cannot be used to compromise another one.
More Information#There might be more information for this subject on one of the following:
- Diffie-Hellman Ephemeral
- Diffie-Hellman or RSA
- Key Generation
- Off-the-Record Messaging
- RSA key-exchange
- TLS 1.3
- TLS Full Handshake
- TLS Session Resumption