What is Perfect Forward Secrecy?
Using Forward Secrecy to Protect Your Information
Basically, perfect forward secrecy, or PFS, is an encryption method that allows short-term, totally private communication between clients and servers. ExtraHop calls PFS “the cyber security Cone of Silence.”
How Does Perfect Forward Secrecy Work?
Perfect forward secrecy is any encryption method in which a breach of long-term keys doesn’t compromise past session keys. One way to do this uses passwords: the long-term key is a password shared between the communicating parties, and the short-term key (or session key) is generated randomly and expires when the communication is over.
The goal of forward secrecy is to make sure that data and information exchanged between parties are not available after the transmission has occurred.
How To Test Perfect Forward Secrecy
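If you have access to your server, you can use this command to see if your server is using perfect forward secrecy (replace example.com with your host and 443 with your port number):
openssl s_client -connect example.com:443 -cipher ECDHE-RSA-RC4-SHA
The handshake completes only if the server accepts this ECDHE (ephemeral Diffie-Hellman) cipher suite. RC4 cipher suites are prohibited in TLS by RFC 7465 and disabled by default in current OpenSSL builds, so this exact suite may be refused even by a server that supports forward secrecy; in that case substitute another ECDHE suite name.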
Visit Makandropdedia to learn more about using this test on your server.
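The command-line check above, extended into an added example that is not part of the original article: it reads the cipher suite the server actually negotiated from the s_client summary line, and separately checks whether the server still accepts RSA key exchange, which has no forward secrecy. The function names are hypothetical and the sample lines in the demo are constructed.

```shell
# Added example (not from the original article): interpret `openssl s_client`
# output instead of relying on one hard-coded cipher name.

# Read s_client output on stdin and print one verdict. It parses the summary
# line, e.g. "New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256".
# TLS 1.3 counts as forward-secret because its handshake uses ephemeral
# (EC)DHE; in TLS 1.2 and earlier the suite name must start with ECDHE/DHE
# (EDH is the older OpenSSL spelling of DHE).
pfs_verdict() {
  awk '
    /^New, / && / Cipher is / {
      proto = $2; sub(/,$/, "", proto); cipher = $NF
    }
    END {
      if (cipher == "" || cipher == "(NONE)") print "no-handshake"
      else if (proto == "TLSv1.3")            print "forward-secret"
      else if (cipher ~ /^(ECDHE|DHE|EDH)-/)  print "forward-secret"
      else                                    print "not-forward-secret"
    }'
}

# Live check: what does the server pick when the client offers its defaults?
check_pfs() {  # usage: check_pfs host [port]
  openssl s_client -connect "$1:${2:-443}" -servername "$1" \
    </dev/null 2>/dev/null | pfs_verdict
}

# Audit check: offer only RSA key exchange over TLS 1.2. "not-forward-secret"
# means the server accepted it; "no-handshake" means it refused (or the local
# openssl build has no such suites enabled).
accepts_non_pfs() {  # usage: accepts_non_pfs host [port]
  openssl s_client -connect "$1:${2:-443}" -servername "$1" \
    -tls1_2 -cipher kRSA </dev/null 2>/dev/null | pfs_verdict
}

# Offline demo on constructed summary lines (not captured from a real server).
demo() {
  for line in \
    'New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256' \
    'New, TLSv1.2, Cipher is AES128-SHA' \
    'New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384' \
    'New, (NONE), Cipher is (NONE)'
  do
    printf '%-55s -> %s\n' "$line" "$(printf '%s\n' "$line" | pfs_verdict)"
  done
}
demo
```

Run check_pfs and accepts_non_pfs against your own host; a server configured for forward secrecy only should give "forward-secret" for the first and "no-handshake" for the second.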
You can also use Google Chrome if you want a simpler check. Click the left side of the URL box, and Chrome will tell you whether a site is secure and using forward secrecy. It will also tell you who the SSL certificate was verified by and what encryption method the server is using.
How Does Search Encrypt Use Forward Secrecy?
Search Encrypt uses PFS to ensure that even if your computer is compromised, your search data will not be accessible or linked to you.
Expiring Browser History
Even if someone gets access to your computer, your encrypted search terms can no longer be viewed.
Advanced SSL Encryption
Search Encrypt uses SSL certificates to protect sensitive information, as well as your browsing activity.
While many search engines promise forward secrecy, this isn’t always the case. Search engines that prompt you to log in or use your email address often track your searches and link them to your email. They use this information to sell to advertisers, who can then market to you more effectively.