DH vs. DHE and ECDHE and perfect forward secrecy
Does Diffie-Hellman (DH) provide perfect forward secrecy, or is it a feature of Ephemeral Diffie-Hellman (DHE) only? Is Elliptic Curve Ephemeral Diffie-Hellman (ECDHE) better than DHE?

Dolhenty answered 25/12/2012 at 22:43
It's the ephemeral aspect of DHE and ECDHE that provides perfect forward secrecy.

The idea is that even if someone records traffic and compromises the server to get its private key, they won't be able to decipher that traffic, because they'll be missing the ephemeral DH parameters that won't have been saved. With fixed DH, the private DH parameters are effectively the private key: they would also be compromised in the same way and allow the attacker to decipher past traffic too. (Note that support for fixed DH, non-anonymous cipher suites is quite rare in practice anyway.)

The perfect forward secrecy offered by DHE comes at a price: more computation. The ECDHE variants use elliptic curve cryptography to reduce this computational cost. You may find further details and benchmarks in Vincent Bernat's SSL/TLS & Perfect Forward Secrecy article.

Famish answered 26/12/2012 at 13:08

Comments:

If ephemeral DH parameters are never saved, then how would the server decrypt any past communication if required? - Hertahertberg

@devgr It would not. - Famish

I have this doubt; correct me if I am wrong: the server stores any relevant data obtained after decryption in a secured database, and now the server can safely ignore the fact that it would not be able to decrypt the communication data after the current request ends, but the server still keeps recording the requests for other purposes? - Hertahertberg
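To make the answer's point concrete, here is an added Python example (not code from the answer, and not any TLS library's implementation) that models the same recorded transcript under fixed DH and under DHE, then replays the attacker's situation: the full transcript plus the server's leaked long-term private key. The group is a constructed toy (a 127-bit Mersenne prime) chosen so it runs instantly, and the server's signature over its ephemeral share is omitted since it does not affect key recovery.

```python
import hashlib
import secrets

# Toy group, constructed for illustration only: 2**127 - 1 is prime, but this
# size gives no real security. Real deployments use 2048-bit+ groups or ECDHE.
P = 2**127 - 1
G = 3


def keypair():
    """Random private exponent in [1, P-2] and the matching public share."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def session_key(priv, peer_pub):
    """Derive the symmetric session key from the DH shared secret."""
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def fixed_dh_session(server_priv, server_pub):
    """Fixed DH: the server's long-term DH key (from its certificate) is used
    directly in the key exchange. Returns the session key and what an
    eavesdropper can record."""
    cli_priv, cli_pub = keypair()
    key = session_key(cli_priv, server_pub)
    return key, {"client_pub": cli_pub, "server_pub": server_pub}


def ephemeral_dh_session(server_priv, server_pub):
    """DHE: the server makes a fresh DH keypair per session and only uses its
    long-term key to authenticate that share (signature omitted here).
    The ephemeral private exponent is discarded once the key is derived."""
    srv_eph_priv, srv_eph_pub = keypair()
    cli_priv, cli_pub = keypair()
    key = session_key(cli_priv, srv_eph_pub)
    assert session_key(srv_eph_priv, cli_pub) == key  # both sides agree
    del srv_eph_priv  # never stored, so it cannot be leaked later
    return key, {"client_pub": cli_pub, "server_pub": srv_eph_pub}


def recover_with_leaked_key(transcript, leaked_server_priv):
    """Attacker model: recorded transcript plus the server's long-term private
    key. The attacker repeats the server-side computation."""
    return session_key(leaked_server_priv, transcript["client_pub"])


def forward_secrecy_demo():
    """Returns whether each mode's past session key is recoverable after the
    server's long-term private key is compromised."""
    srv_priv, srv_pub = keypair()
    fixed_key, fixed_transcript = fixed_dh_session(srv_priv, srv_pub)
    eph_key, eph_transcript = ephemeral_dh_session(srv_priv, srv_pub)
    return {
        "fixed_dh_recoverable": recover_with_leaked_key(fixed_transcript, srv_priv) == fixed_key,
        "dhe_recoverable": recover_with_leaked_key(eph_transcript, srv_priv) == eph_key,
    }
```

Running `forward_secrecy_demo()` reports the fixed-DH session key as recoverable and the DHE session key as not, which is exactly the distinction the answer draws.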
