Perfect Forward Secrecy


Perfect Forward Secrecy is a property of secure communication protocols whereby if compromise of long-term keys does not compromise past session keys.

Perfect Forward Secrecy protects past sessions against future compromises of secret keys or passwords.

If Perfect Forward Secrecy is implemented, encrypted communications recorded in the past cannot be retrieved and decrypted should long-term secret keys or passwords be compromised in the future.

In modern cryptographic communication typically the problem to solve is that the private key is used for two purposes:[1]

Authentication only matters while the communication is established, but the encryption is expected to last for years.

Perfect Forward Secrecy is an enhanced version of forward secrecy. Perfect Forward Secrecy assumes each exchanged key, the Authentication and Encryption keys, are independent and therefore a compromised key cannot be used to compromise another one.

More Information#

There might be more information for this subject on one of the following: