What is Perfect Forward Secrecy?

Written by
Shubhra Prakash Nandi's picture

Not so long ago the web was a small and nice place where people did not play bad and wandered around just to read HTML webpages and obtain information. Information travelled in plain text and encryption of data in transit was seen more as an overhead rather than a necessity. As web became more and more commercialized and people started sharing personal and financial information to third party vendors over the web, people with malicious intentions saw this loophole in internet security a way to obtain sensitive information about people and organizations for personal and financial gains and even to harm others interests. This phenomenon started to be famously called as MITM (man in the middle) attack as anyone standing in between the source and recipient of information on the web could easily see what information was being exchanged between them.

This rang an alarm bell in the minds of internet authorities and IT majors as this would jeopardize their intent to provide personalized services and perform commercial transactions over the internet. The web needed to be secured.

Over these years internet security has evolved many folds and many of earlier issues with security has been dealt with but newer issues have come up. The purpose of this article is to make you aware of a potential vulnerability which exists even with encrypted transmission of data over the internet now and how to overcome it.

To understand this vulnerability we need to understand how data transmission is made secure over the internet. Most of the servers over the internet uses something called asymmetric cryptography between it and the client like web browser or a file storage app to secure transmission of data. Asymmetric cryptography uses a pair of keys namely public key and private key and encryption and decryption occurs in the following manner. Any information encrypted using the public key can only be decrypted by the one having the private key. So on the web public key is shared by a server to all it’s clients. Data is encrypted by the client using the public key and sent across to the server, who then can decrypt it using it’s private key which is kept secure on the server. This ensures anyone having access to the encrypted data in transmission apart from the server cannot decipher it. This way the web overcomes the MITM threat at the moment when, data is being transferred between systems over the internet. This may dissuade a MITM attacker to look into the encrypted data being transferred as it is unreasonably difficult to break the encryption but not all attackers will be dissuaded as they know a wokaround to get your data.

As internet technology has become smart so have the attackers. Now let’s see how someone can steal your information even if it was encrypted using asymmetric cryptography. A MITM attacker can keep collecting all the encrypted information as it traveled between you and the server and store it in his system. After many months or years once the server has been decommissioned or discarded he then can obtain the hard drive of the server on which the private key was stored and decrypt all that information he had collected, exposing sensitive information which still may be relevant to you like credit card numbers and passwords. This is how your data which may be protected right now may not remain protected in the future and this is exactly where perfect forward secrecy comes into picture.

Perfect forward secrecy or PFS as it is commonly called, is used to overcome privacy issues in the future like in the case of asymmetric cryptography. PFS utilizes something called session keys to address issues with forward secrecy in asymmetric cryptography. Session keys are additional keys used by the server apart from public key and private key to encrypt and decrypt data over the internet. Session keys are created on the fly by the server and kept alive only till a user session is active with the server. Once the user or the server terminates the session with the user, the session key associated with user is destroyed by the server. So a MITM attacker who may record your session with the server cannot only use the private key obtained at a later point of time to decrypt the recorded session but he will also require the session key to decrypt the session. Since session keys are not stored anywhere and are destroyed once the session is over, the attacker cannot gain access to your information anytime in the future providing you with perfect forward secrecy.

PFS is slowly gaining popularity with many online vendors who have now committed to prefer PFS ciphers over non-PFS ciphers for data encryption between their server and the client. So it is now important than ever for you to know if you are using PFS, as it concerns privacy and protection of your data now and in the future.

Technically PFS is provided by modern secure protocols only like TLS 1.2, TLS 1.1 and TLS 1.0 and by modern cipher suites like DHE-RSA, DHE-DSA and ECDHE-RSA, ECDHE-ECDSA.  Older protocols like SSL 3 donot provide PFS. If you are still using old browsers and clients or if your online vendor still uses older cryptography suites then you definitely are not using PFS.

If you want to find out whether your browser is using PFS or not with your favorite online vendor, you need to obtain information about what cipher suite and protocol your browser is using with vendor’s server. You can get that information in commonly used browsers using the below steps.

Enter the secure URL of your online vendor like https://www.google.com on your browser. Let the page finish loading.


  1. In the address bar, click the lock icon to the left of the URL.
  2. See the Connection tab.

Sample output

This connection uses TLS 1.2.

The connection is encrypted and authenticated using AES_128_GCM and uses ECDHE_RSA as the key exchange mechanism



  1. In the address bar, click the lock icon to the left of the URL.
  2. Click on the right arrow.
  3. Click ‘More Information’
  4. See ‘Technical details’ under ‘Security’ tab.

Sample output

Connection Encrypted (TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 128 bit keys, TLS 1.2)


Internet Explorer

  1. Do a right click on the browser page and click properties
  2. See the information mentioned in ‘Connection’

Sample output

Connection: TLS 1.2, AES with 256 bit encryption (High); ECDH with 256 bit exchange


If your browser says you are using TLS protocol with ECDHE, DHE as key exchange mechanism then you have PFS when transferring data to the server.

For PFS both client side and server side should support PFS protocols and ciphers.

On the server side the following protocols should be preferred for SSL/TLS connection in the order given below.

  1. TLS 1.2
  2. TLS 1.1
  3. TLS 1.0

The following ciphers should be preferred in the server in the order given below.

  1. ECDHE
  2. DHE
Zircon - This is a contributing Drupal Theme
Design by WeebPal.