With Perfect Forward Secrecy the exposure of one key permits access only to data protected by that key. When PFS is configured, the IKE daemon creates a new ISAKMP SA and performs a fresh Diffie-Hellman exchange for each IPSec SA negotiation.
A property of a key-establishment protocol that keeps previously recorded VPN communications secure should the key currently in use be compromised.
In PFS, the key that is used to protect transmission of data is not used to derive additional keys. Also, the source of the key that is used to protect data transmission is never used to derive additional keys. PFS applies to authenticated key exchange only. See also Diffie-Hellman protocol.
With Perfect Forward Secrecy the exposure of one key permits access only to data protected by that key. HP-UX IPSec supports PFS for keys and identities (the IKE daemon can be configured to create a new ISAKMP/MM SA for each IPSec/QM negotiation). HP-UX IPSec does not support PFS for keys only (the ISAKMP/MM SA is re-used for multiple IPSec/QM negotiations, with a new Diffie-Hellman key exchange for each IPSec/QM negotiation).
Perfect forward secrecy (PFS) is a cryptographic characteristic associated with a derived shared secret value. With PFS, if one key is compromised, previous and subsequent keys are not compromised, because subsequent keys are not derived from previous keys.
Ensuring that the compromise of a secret does not divulge information that could lead to the recovery of data protected prior to the compromise. See Also: Forward secrecy
A cryptosystem in which, if one encryption key is compromised, only the data encrypted by that specific key is compromised. Some cryptosystems allow keys to be derived from previous keys, so that if the first key is compromised, an attacker might have enough information to figure out other keys and/or decrypt data encrypted using those keys. RFC 2409 describes PFS in detail.
A condition derived from an encryption system that changes encryption keys often and ensures that no two sets of keys have any relation to each other. The advantage of perfect forward secrecy is that if one set of keys is compromised, only communications using those keys are at risk. An example of a system that provides perfect forward secrecy is the Diffie-Hellman key exchange.
In an authenticated key agreement protocol that uses public key cryptography, perfect forward secrecy (or PFS) is the property that disclosure of the long-term secret keying material that is used to derive an agreed ephemeral key does not compromise the secrecy of agreed keys from earlier runs.
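Added example, not taken from any of the sources quoted above: it contrasts a scheme whose session keys are all derived from one long-term secret (no PFS) with an authenticated ephemeral Diffie-Hellman exchange (PFS), and models what a passive attacker who recorded the traffic and later steals the long-term key can recompute. The group parameters, key names and the HMAC-based authentication are constructed for illustration only.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group, constructed for illustration only. Real IKE/TLS
# deployments use standardized groups (e.g. RFC 3526 MODP groups or elliptic curves).
P = 2**127 - 1
G = 3


def kdf(*parts: bytes) -> bytes:
    """Derive a 256-bit key from byte strings (stand-in for a real KDF)."""
    return hashlib.sha256(b"|".join(parts)).digest()


def static_session_key(long_term_secret: bytes, nonce: bytes) -> bytes:
    """No PFS: each session key is a function of one long-term secret and a public nonce."""
    return kdf(long_term_secret, nonce)


def run_dh_session(long_term_auth_key: bytes):
    """PFS: fresh ephemeral exponents per session; the long-term key only authenticates."""
    a = secrets.randbelow(P - 2) + 1            # initiator's ephemeral private exponent
    b = secrets.randbelow(P - 2) + 1            # responder's ephemeral private exponent
    A, B = pow(G, a, P), pow(G, b, P)           # the only values that travel on the wire
    transcript = A.to_bytes(16, "big") + B.to_bytes(16, "big")
    tag = hmac.new(long_term_auth_key, transcript, "sha256").digest()  # authentication
    key = kdf(pow(B, a, P).to_bytes(16, "big"))                        # g^(ab) on one side
    assert key == kdf(pow(A, b, P).to_bytes(16, "big"))                # ... and the other
    # a and b are locals that are discarded here: nothing long-lived can recompute g^(ab).
    return {"A": A, "B": B, "tag": tag}, key


def attacker_view_static(long_term_secret: bytes, recorded_nonces):
    """Passive attacker who recorded the nonces and later obtains the long-term secret:
    every past session key is recomputable."""
    return [static_session_key(long_term_secret, n) for n in recorded_nonces]


def attacker_view_dh(long_term_auth_key: bytes, wire: dict):
    """Same attacker against the DH session: the long-term key lets them verify (and, for
    future sessions, forge) the authentication tag, but A, B and that key do not yield
    g^(ab), so the recorded session key stays secret. Returns (tag_verifies, key_or_None)."""
    transcript = wire["A"].to_bytes(16, "big") + wire["B"].to_bytes(16, "big")
    expected = hmac.new(long_term_auth_key, transcript, "sha256").digest()
    return hmac.compare_digest(expected, wire["tag"]), None
```

The model makes the distinction in lines 7 and 9 concrete: compromising the long-term key exposes every static-scheme session, but only the authentication of the DH scheme, not its past traffic keys.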