Perfect Forward Secrecy

Protecting Past Sessions

What Is PFS?

Perfect Forward Secrecy ensures that if your long-term keys are compromised in the future, past encrypted sessions remain secure. Each session uses unique ephemeral keys that are deleted after use.

With vs Without PFS
Without PFS:
Key stolen → ALL past & future messages compromised

With PFS:
Key stolen → Only future messages at risk
Past sessions used different keys (now deleted)

How It Works

  • Ephemeral Keys (per-session) - Fresh key pair for each session
  • DHE/ECDHE (protocol) - Ephemeral Diffie-Hellman exchange
  • Key Deletion (security) - Session keys securely erased after use
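
The with/without comparison above as a small runnable model, added here as an illustration and not taken from the original page: a passive recorder keeps every public value, later obtains the server's long-term private key, and tries to re-derive each recorded session key. The group parameters P and G and all function names are assumptions chosen for the demo (a toy group, not a standardized DH group), and the signature that authenticates the ephemeral key in a real handshake is left out.

```python
import hashlib
import secrets

# Assumption: toy Diffie-Hellman group for illustration only, not a standardized one.
P = 2**255 - 19
G = 2

def keypair():
    """Return (private, public) for the toy group."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    """Derive a 32-byte session key from the DH shared secret."""
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()

def run_sessions(long_term_priv, n, ephemeral):
    """Run n sessions; return (recorded public values, session keys used)."""
    transcripts, keys = [], []
    for _ in range(n):
        c_priv, c_pub = keypair()              # the client key is always fresh
        if ephemeral:
            s_priv, s_pub = keypair()          # with PFS: fresh server key per session
        else:
            s_priv = long_term_priv            # without PFS: long-term key does the exchange
            s_pub = pow(G, s_priv, P)
        keys.append(session_key(s_priv, c_pub))
        transcripts.append((c_pub, s_pub))     # everything a passive recorder sees
        # Per-session private values go out of scope here; real code zeroizes them.
    return transcripts, keys

def recoverable(transcripts, keys, leaked_priv):
    """Count recorded sessions whose key follows from the leaked long-term key."""
    return sum(
        session_key(leaked_priv, c_pub) == key
        for (c_pub, _s_pub), key in zip(transcripts, keys)
    )

def demo(n=5):
    """Return (sessions exposed without PFS, sessions exposed with PFS)."""
    lt_priv, _ = keypair()
    static = recoverable(*run_sessions(lt_priv, n, ephemeral=False), lt_priv)
    pfs = recoverable(*run_sessions(lt_priv, n, ephemeral=True), lt_priv)
    return static, pfs

if __name__ == "__main__":
    print("exposed without PFS / with PFS:", demo())
```
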

Why It Matters

  • Mass Surveillance - Agencies store encrypted traffic, hoping to decrypt later
  • Future Vulnerabilities - Keys might leak via bugs, theft, or legal compulsion
  • Quantum Computers - May break current key exchange in the future

PFS in Practice

  • TLS 1.3 - PFS mandatory (ECDHE only)
  • Signal Protocol - Double Ratchet provides PFS per-message
  • WireGuard - Ephemeral keys with 2-minute rotation
  • SSH - Use ECDHE key exchange

Check TLS PFS

Testing PFS
$ openssl s_client -connect example.com:443
Server Temp Key: ECDH, P-256, 256 bits
← "Temp Key" = PFS enabled!