Questions tagged [perfect-forward-secrecy]
10 questions
7
votes
1 answer
How does TLS work (RSA, Diffie-Hellman, PFS)?
I know "How TLS works" has been discussed numerous times here and crypto, but I am still somewhat confused and would like to summarize what I know so far 1 in this giant blob of text with the hope that one day this becomes helpful.
There are two…
![](../../users/profiles/9897.webp)
CppLearner
- 199
- 2
- 8
2
votes
1 answer
Perfect forward secrecy in Instant Messaging with multiple devices
I have read multiple sites online about PFS and DH but I still have a few questions.
I understand that in order to have PFS you must use different keys to encrypt messages. So your IM client could be generating a new key for every message you write…
![](../../users/profiles/202616.webp)
William
- 21
- 1
2
votes
1 answer
Can PFS be used to prove that a file was transmitted/received at a particular date & time?
Can Perfect Forward Secrecy (PFS) be used to prove that a particular file was transmitted or received at a particular time? If so, how? By keeping records of the entire TLS stream?
![](../../users/profiles/29728.webp)
Geremia
- 1,636
- 3
- 19
- 33
1
vote
0 answers
Nym Perfect Forward Secrecy
I recently heard about the Nym mixnet and am researching it and the Sphinx packet format. So far it looks promising, but there is one thing I'm unsure of.
Networks like Tor use ephemeral keys to limit the length of time an adversary could compel…
![](../../users/profiles/182925.webp)
CrystalShared
- 41
- 1
1
vote
0 answers
How to maintain sensible cipher list for a public webserver
I'm configuring nginx and am trying to find a cipher list that gives an A standard over at SSLlabs while also allowing common browsers to access the website.
I am not an expert and am asking this question here because I've been unable to achieve the…
![](../../users/profiles/6132.webp)
artfulrobot
- 473
- 5
- 14
0
votes
0 answers
In which sense is Perfect Forward Secrecy perfect?
Wikipedia states that Perfect Forward Secrecy "is a feature of specific key agreement protocols that gives assurances that session keys will not be compromised even if the private key of the server is compromised".
In the example on Wikipedia two…
![](../../users/profiles/227119.webp)
leo
- 103
- 3
0
votes
0 answers
Which part/step of the TLS handshake is essential for providing PFS?
I would say the key exchange part, because PFS is used only during the key exchange of server and client.
Am I right or have I overlooked something?
![](../../users/profiles/221288.webp)
ItSec
- 1
0
votes
0 answers
Is client-side password hashing still useful when using TLS? Is TLS crackable? What about PFS?
Is client-side password hashing still necessary / useful when using TLS? What about TLS protocols with PFS (perfect forward secrecy) like Diffie-Hellman?
Let’s say that I’m running a web application which uses authentication (like most websites). …
![](../../users/profiles/164888.webp)
Char Star
- 113
- 4
0
votes
1 answer
OpenSSL - 2040 bit temporary key size, 2048 bit private key
Recently, I had an OpenVAS scan report that a TLS connection to Postfix used a temporary key size of 2040 bits, instead of the 2048 bits that I have set for my key size, and I have perfect forward secrecy cipher suites enabled.
As part of that, I…
![](../../users/profiles/176374.webp)
4oo4
- 25
- 4
0
votes
1 answer
Which PFS Group is recommended for IPSec configuration?
I can't find much information on PFS (Perfect Forward Secrecy) Groups so I'm unsure what to suggest for a secure IPSec configuration.
Any suggestions on PFS groups that aren't recommended?
What is the implication for using better PFS groups?
![](../../users/profiles/106190.webp)
ellefc
- 499
- 2
- 6
- 14