You’re on the beach with your metal detector and you come across a locked treasure chest. Even though you can’t open it, you decide to keep it anyway. Why?
Because you might find the key later.
The same principle applies to encryption. Even if an attacker can’t read your encrypted messages now, they might record them anyway in the hopes of one day finding a key.
How do we defend against this kind of “wait-and-see” attack? With a principle called perfect forward secrecy.
What is perfect forward secrecy?
Perfect forward secrecy (PFS) protects encrypted messages from future attacks by regularly changing keys. The new keys are randomly generated in such a way that even if one key is compromised, it cannot be used to decrypt any past or future messages.
In the treasure chest analogy above, PFS means you’d never find a whole chest full of treasure. You’d find thousands of tiny locked chests, each containing at most one coin. If at any point you found a key, you’d have no way of knowing which chest it unlocks, and even if you eventually found it, you’d only have one coin.
You can see how this would be discouraging for an aspiring beach comber— or cybercriminal.
How does perfect forward secrecy work?
In real-life encrypted communications, PFS usually means that a new key is generated for every message, as is the case with the Signal messaging protocol.
But how do you get two sides of a conversation to agree on a new key? It isn’t as simple as sharing the key in the conversation, because then anyone with the old key could use it to determine the new key, and every key after that.
Signal and other protocols use something called the Diffie-Hellman key exchange (DH) to generate new secret keys without sharing them over the internet. It sounds impossible, but DH takes advantage of clever mathematics involving prime numbers and one-way functions: operations that are easy to perform but very difficult to reverse, similar to hashing.
Watch our TikTok video explaining DH with color-mixing
Where else is perfect forward secrecy used?
PFS is a feature of many modern communication methods, including one of the most important protocols on the internet: TLS (Transport Layer Security), formerly SSL (Secure Sockets Layer).
Because TLS/SSL is the encryption protocol that enables HTTPS (Hypertext Transfer Protocol Secure), that means brand new encryption keys are generated every time you load a page on a website that uses HTTPS. In other words, even if someone is currently recording your encrypted web traffic, they will not be able to decrypt it later using future keys. Web server software like Apache, Nginx, and IIS can also be configured to use PFS through TLS/SSL.
ExpressVPN uses dynamic encryption keys for perfect forward secrecy
Every time you connect to ExpressVPN servers, including with our innovative Lightway protocol, the security certificate’s authenticity is verified.
Once authenticated, a unique encryption key is negotiated through the Elliptic-Curve Diffie-Hellman (ECDH) key exchange. Through this negotiation, the server and client are able to derive an encryption key without risk of interference from a third party.
Read more: Learn how your ExpressVPN app verifies it’s talking to the right server
Each ExpressVPN connection uses a different key, so in the unlikely event that someone once hacked your device or an ExpressVPN server and recorded encrypted raw data transmitted by you, they still wouldn’t be able to decipher the information.
Dynamic encryption keys are purged or regenerated after a connection is terminated, or every 15 minutes, to protect long-lived connections. The key is also renegotiated every time your device changes networks, for example between mobile data and Wi-Fi.
Perfect forward secrecy makes strong security future-proof
Good security is not only about making systems difficult to attack. It’s also about minimizing the damage in the event of an attack.
Perfect forward secrecy is just one of the principles we use to achieve that goal, but it’s a powerful one. It keeps your traffic private not just from current attacks, but future ones as well.
Learn more about how ExpressVPN builds trust through security best practices.
Comments
Needing help keeping the world out of my personal business thing that maybe they don’t understand
Thanks you and I not sure please help me
does this apply for lightway?
Perfect forward secrecy is available only via the proprietary ExpressVPN App, and not through services like OpenVPN standalone, but it should be as easy as adding a simple line of code to the OVPN file on the client and server side. Please add this to your services, it gives users an option to move away from the closed source ExpressVPN proprietary application while still maintaining their security.
Hi Julia,
Any VPN based on OpenVPN is going to provide some form of perfect forward secrecy. You also don’t need to use our app to make use of our service. Instead, you can download the open-source OpenVPN apps available for your platform, and use the configuration files to connect to our network, or any other network supporting OpenVPN configuration files.
Hopefully this article can help: https://www.expressvpn.com/support/vpn-setup/manual-config-for-windows-xp-vista-7-8-with-openvpn/
Lexie