Tech Terminology Demystified – ‘Forward-Secrecy’

If a private key is compromised by the man-in-the middle attacker he can decrypt the messages using the private key. The worst part is if he has recorded the previous conversations he can break that also using this private key. This can be prevented by the Forward-Secrecy technique.  Forward secret HTTPS is now live for Gmail and many other Google HTTPS services.  Forward–secrecy is based on Diffie-Hellman algorithm. Forward secrecy will generate a separate key for each session so that if a key is compromised only that session data alone can be accessed. Private Key is used only for Authentication. Session key is used for communication. A session key is a key just created for a particular session, and when the session is brought down, the key is destroyed and not used again. Next time a session is initiated a new and completely different session key is created which serves as a additional layer of security to HTTPS

Drawbacks

1. It requires more processing power
2. It takes longer time