Your online messages represent a very private area of your life. If hackers got access to them, they could see the details of your correspondence, the photos you’ve shared, and your real-time location. Sounds terrible, right? Perfect forward secrecy (or PFS) is a security feature that can prevent this from happening.
Perfect forward secrecy (or PFS) refers to a process in which an encryption system regularly changes its encryption keys, so only a tiny bit of data can be compromised in any single breach.
The system switches keys after every message, call, or page load. This means that an interceptor can only get hold of that one operation or message, but not all the other data, as it is encrypted by different sets of keys.
PFS also protects the data of a network of SSL/TLS protocols in case their long-term keys are compromised.
Let’s say that Tom and Jane are chatting via a secure messaging app, which uses PFS. The app uses public and private keys, which encrypt their communication and identifies them as intended senders and receivers. It uses these keys only to help them to identify one another.
Then a key exchange algorithm creates an ephemeral key, which encrypts every single message. When Tom sends Jane a message, it will be encrypted with that key. Jane decrypts it using the same key. The same process is repeated in every exchange of messages. Each message has new session keys.
Now even if a hacker intercepts Tom and Jane’s conversation, they’ll only be able to see a single message, rather than the whole conversation. Even if they get hold of their public and private keys, they still can’t access their chat as all the messages are encrypted by different sets of keys.
However, the snooper could fake Tom and Jane’s identities and potentially monitor future conversations using the obtained public and private keys.
People use perfect forward secrecy keys and encryption for:
Check out our video on perfect forward security below.
While PFS is a powerful and useful tool, it’s not the only way to protect your privacy online. With a virtual private network, or VPN, you can keep you data secure at all times.
NordVPN provides layers of powerful encryption, so even if your internet connection is compromised by hackers, your online activity will still be inaccessible to them. It’s a simple and effective way to take next-gen encryption with you wherever you go.
One NordVPN account will cover up to six devices; that includes smartphones, computers, smart TVs, and even your home router. Secure privacy is just a click away.
Online security starts with a click.
Stay safe with the world’s leading VPN
We value your privacy