Should I use perfect forward secrecy?
And that future-proofing feature represents a new standard for any messaging service or website that takes your privacy seriously. Encryption tools with perfect forward secrecy switch their keys as frequently as every message in a text-based conversation, every phone call in the case of encrypted calling apps, or every time a user loads or reloads an encrypted web page in the browser.

While schemes for perfect forward secrecy date back to the early '90s, the feature was first practically implemented in Off-The-Record Messaging, a protocol for encrypted instant messaging invented in that encrypted messages with a new key every time the sender alternated in a conversation. In that system, multiple messages sent back-to-back by the same sender still used the same key.

The newer messaging protocol Signal, invented by cryptographers Moxie Marlinspike and Trevor Perrin in , has both improved that key-switching trick and popularized perfect forward secrecy more than ever. Using a system it calls a "double ratchet," Signal generates a new encryption key with every message, even those sent consecutively by the same person.

See our flow chart of how Signal's encryption protocol works here.

Normally, servers have special encryption keys they use to keep communication sessions private and secure. Whenever Cindy the Client wants to chat with Stan the Server, Cindy comes up with a secret, the "pre-master secret", and encrypts it using Stan's special key. They use this pre-master secret to encrypt the rest of their conversation. The only people who can decrypt what Stan and Cindy talk about are the ones who know Stan's original key, like his trusty Network team.

The Network team is responsible for tracking down the source of any bugs that muck up Stan's system, so it's important for them to know what Stan talks about and with whom.

Trouble is, Stan uses the same key to encrypt every pre-master secret with every client, which means that if a hacker were to figure out that single encryption key via brute force or other attack techniques, they could spy on all of Stan's conversations without anybody knowing.

When Cindy the Client starts a conversation with Sara, Cindy and Sara huddle to come up with a unique encryption key—their pre-master secret—that is completely private and will only last for that particular conversation. This is where the Cone of Silence comes in: Without involving Sara's long-term key, Sara and Cindy decide their encryption key behind closed doors.

No one, not even Sara's own Network team, can see or hear how they decide their unique key. This way, if a hacker got their hands on Sara's long-term key, they still wouldn't be able to decrypt any secure conversations. Even if they stole a unique PFS encryption key, only Sara's communications with Cindy would be vulnerable.

Two big things happened in the last five years to throw more PFS schemes into the cyber security ring.

First, Edward Snowden showed us just how much network traffic has secretly been collected by the United States government, and if one group could run a mass surveillance program, so could others.

For the first time in human history, global secret surveillance was not only a possibility but a reality. That said, the IT community had lived with an inherent degree of risk for years. The longer you keep a secret, the more time you give bad guys to figure it out. Luckily, long-term SSL keys were secure enough that this danger seemed manageable. Without forward secrecy, encryption keys are used for sessions—entire batches of transactions.

Brute force hacking demands extensive time and resources, but the prospect of recovering that much sensitive data makes it worthwhile. Generating a unique session key for each transaction limits hackers to obtaining data from one exchange per successful attack. A server protected by perfect forward secrecy is simply a less appealing target for a hacker, because it demands more effort and time. Perfect forward secrecy protects past sessions against future compromises of the passwords or secret keys.

With forward secrecy in place, previously recorded and encrypted sessions and communications cannot be retrieved and decrypted by an attacker who compromises long-term secret keys in the future. This is critical for a blockchain use case.

A leaked key has the potential to compromise a significant amount of assets in a blockchain scenario, since all data is stored forever. However, WPA does not provide perfect forward secrecy. Both cryptographic protocols allow secure connections to be created, but neither determines the encryption cipher to be used or mandates the actual key exchange. Instead, to enable perfect forward secrecy, the client and server machines must agree upon a cipher suite that uses an ephemeral key exchange.

Therefore, when configuring forward secrecy, set your servers up to make compliant cipher suites available. The key exchange must be ephemeral, meaning the server and client generate a unique set of Diffie-Hellman parameters and use the resulting keys just once per session.

The ephemeral key-exchange material is deleted from the server after the session ends, which ensures that any given session key is almost useless to hackers. These are faster than the standard DHE counterparts.

To determine whether perfect forward secrecy is enabled, refer to the security details of a site in your browser. Most modern servers are already configured for perfect forward secrecy, but if your server is not, complete the process in four steps. Importantly, it is easy to configure perfect forward secrecy incorrectly. In addition, prioritize the forward-secret cipher suites over other options to ensure perfect forward secrecy is actually negotiated.

It is also important to disable long-duration session tickets or session IDs. This makes the case for perfect forward secrecy in that the attackers could use these stolen keys to decrypt confidential data Sony may have collected in the past. Any current site should support PFS. Forward secrecy can still fail against an attacker who can cryptanalyse the underlying ciphers or tamper with the way the session key generator functions.
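The two configuration points above (offer only ephemeral ECDHE/DHE suites, and disable session tickets) and the "check the site's security details" advice can be exercised in code. The following is an added example, not part of the original article: it classifies a negotiated protocol/cipher pair as forward-secret or not (it understands both OpenSSL-style names such as ECDHE-RSA-AES128-GCM-SHA256 and the IANA-style names browsers display, such as TLS_RSA_WITH_AES_128_CBC_SHA), and builds a Python server-side SSLContext restricted to ephemeral key exchange with tickets turned off. The function names and the cipher string are the author's choices, not anything the page prescribes.

```python
import ssl

FORWARD_SECRET_KX = ("ECDHE", "DHE", "EDH")   # EDH is OpenSSL's older DHE prefix


def has_forward_secrecy(protocol: str, cipher: str) -> bool:
    """Return True if the (protocol, cipher) pair uses an ephemeral key exchange.

    TLS 1.3 always uses ephemeral (EC)DHE, so it is forward secret regardless
    of the suite name. For TLS 1.2 and earlier the key-exchange algorithm is
    encoded in the suite name: ECDHE/DHE give PFS, static RSA/ECDH/PSK do not.
    """
    if protocol == "TLSv1.3":
        return True
    if cipher.startswith("TLS_"):                      # IANA-style name (browsers)
        if "_WITH_" not in cipher:                     # TLS 1.3 suite: no kx in name
            return True
        kx = cipher[len("TLS_"):].split("_WITH_")[0].split("_")[0]
    else:                                              # OpenSSL-style name
        kx = cipher.split("-")[0]
    return kx in FORWARD_SECRET_KX


def build_pfs_server_context(certfile=None, keyfile=None) -> ssl.SSLContext:
    """Server-side context offering only ECDHE/DHE AEAD suites, TLS >= 1.2,
    with session tickets disabled so a recorded session cannot later be
    unlocked with a long-lived ticket-encryption key."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM")  # TLS 1.2 suites only
    ctx.options |= ssl.OP_NO_TICKET
    if certfile:                                       # hypothetical paths supplied by caller
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


def session_tickets_disabled(ctx: ssl.SSLContext) -> bool:
    return bool(ctx.options & ssl.OP_NO_TICKET)


def non_pfs_suites(ctx: ssl.SSLContext) -> list:
    """Names of suites the context would still offer that lack forward secrecy;
    an empty list means every offered suite is ephemeral."""
    return [c["name"] for c in ctx.get_ciphers()
            if not has_forward_secrecy(c["protocol"], c["name"])]


if __name__ == "__main__":
    ctx = build_pfs_server_context()
    print("tickets disabled:", session_tickets_disabled(ctx))
    print("non-PFS suites offered:", non_pfs_suites(ctx))
```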

For example, large quantum computers may be capable of breaking these ciphers in a reasonable amount of time. However, in most cases perfect forward secrecy successfully separates the confidentiality of past conversations from any compromise of a long-term secret key. There are several reasons organizations have for failing to implement perfect forward secrecy. Lack of infrastructure support and lack of browser support are among them.
