How Heartbleed showed the importance of Perfect Forward Secrecy
That many of us may have to change our passwords for our online accounts is really inconvenient, but the possibility that one of our accounts is compromised is nowhere near the worst case scenario.
The worst case scenario is that the server's secret key may have been compromised. If this happens, there are some horrible consequences. An attacker could use that key to decrypt any connection made to the server, which would mean that any email, bank transfer, purchase, anything at all would be visible to someone with the server's secret key. If the server is not using Perfect Forward Secrecy, then an attacker could use the compromised key to decrypt any communication with that server, ever.
That's the value of PFS. It isn't a form of cryptography in itself; it's a key exchange protocol that helps to protect past communication. It doesn't keep a key from being compromised, and if a key is compromised, PFS doesn't prevent it from being used to spy on new encrypted connections. What it does do is protect the old connections. This may not seem immediately important, but consider that it is easy today to record all communications between two computers, and today we have reasons to believe this is a common practice. An attacker can copy all encrypted communication, even if he can't read it yet, and keep it for the day when the key is broken. Once that day comes, he could have years of back records on hand that are newly readable.
PFS prevents this scenario by using a new, random, per-session key, so past communications cannot be decrypted even if one of the parties' long-term secret keys is compromised.
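As an added illustration of the per-session key described above (this is a constructed toy model, not code from the original post or from any TLS library), the following Python contrasts a static Diffie-Hellman exchange with an ephemeral one and then replays each recorded transcript using the server's leaked long-term key. The tiny group parameters, the SHA-256 stand-in for a KDF, and the omitted signature over the ephemeral value are assumptions for readability.

```python
import hashlib
import secrets

# Constructed toy group: a small prime and generator chosen for readability only.
P = 2**127 - 1
G = 5


def keypair():
    """Return (private exponent, public value) in the toy DH group."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def session_key(shared_secret):
    """Derive a symmetric key from the shared secret (stand-in for the TLS KDF)."""
    return hashlib.sha256(shared_secret.to_bytes(16, "big")).digest()


def static_dh_handshake(server_priv, server_pub):
    """Non-PFS exchange: the client keys against the server's long-term DH value.
    Returns (session key, what a passive recorder captured)."""
    c_priv, c_pub = keypair()
    key = session_key(pow(server_pub, c_priv, P))
    assert key == session_key(pow(c_pub, server_priv, P))  # server side agrees
    return key, {"client_pub": c_pub}


def ephemeral_dh_handshake(server_priv):
    """PFS exchange (DHE): the long-term key only authenticates a fresh per-session
    value; the ephemeral exponent is discarded once the key is derived."""
    e_priv, e_pub = keypair()                    # fresh for this session only
    c_priv, c_pub = keypair()
    key = session_key(pow(c_pub, e_priv, P))     # equals pow(e_pub, c_priv, P)
    # Signature over e_pub with server_priv is omitted; the recorder sees e_pub, c_pub.
    del e_priv                                   # the forward-secrecy step
    return key, {"server_eph_pub": e_pub, "client_pub": c_pub}


def recover_from_transcript(transcript, leaked_server_priv):
    """Attacker's later attempt: recorded traffic plus the leaked long-term key."""
    return session_key(pow(transcript["client_pub"], leaked_server_priv, P))


def demo():
    """Return (static session broken?, PFS session broken?) after the key leaks."""
    s_priv, s_pub = keypair()
    static_key, static_tx = static_dh_handshake(s_priv, s_pub)
    pfs_key, pfs_tx = ephemeral_dh_handshake(s_priv)
    # Years later the server's long-term key leaks (for example via Heartbleed).
    static_broken = recover_from_transcript(static_tx, s_priv) == static_key
    pfs_broken = recover_from_transcript(pfs_tx, s_priv) == pfs_key
    return static_broken, pfs_broken            # (True, False)
```

The recorded DHE transcript gives the attacker only public values; without the discarded ephemeral exponent the leaked long-term key does not yield the session key.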
To tell if your connection is using PFS, look at the connection details provided by your browser. PFS does not work with RSA key exchange; the method requires a key space based on an Abelian group. It does work with discrete logarithms or elliptic curves, so if you see DHE or ECDHE, then the connection is using PFS. #cryptography #security