What is Perfect Forward Secrecy

Ever worried about who might be spying on your online activities? Understanding VPN encryption protocols, including the role of Perfect Forward Secrecy, is key to choosing a secure VPN. This guide explains how to compare VPN services and teaches you the key concepts to look out for in VPN reviews.

Keep reading for a deep dive into Perfect Forward Secrecy, a crucial component of secure VPNs.

Why is VPN encryption important?

A VPN (Virtual Private Network) is only as secure as the encryption protocol it provides. Encryption keeps your data locked inside the VPN tunnel, ensuring that local networks, ISPs, government agencies, hackers on public Wi-Fi, and other eavesdroppers can’t monitor your online activities.

VPNs send and receive data using specific protocols, such as OpenVPN. These protocols have been thoroughly audited and are known to provide watertight security for their users. However, you may not realize that each VPN provider can choose to implement these protocols differently.

Only a few VPN services implement the OpenVPN protocol to the latest standard, so it’s crucial to pick a VPN that takes data security seriously. Keep reading to learn about Perfect Forward Secrecy (PFS) and why it is an essential cryptographic component for users who demand reliable online privacy.

Understanding encryption basics in the context of VPN Security

An encryption cipher is a protocol used to scramble your data so that only you and the person you choose to share it with can access it. This is a crucial security feature online, where data is constantly shared between devices hundreds, if not thousands of miles away.

Whether you are visiting a website, sending an email, using an Android or iOS app, or making a video call, some encryption is probably happening. Even basic email providers like Gmail use Transport Layer Security (TLS) to secure data in transit, and most websites use HTTPS to guarantee that traffic between your device and the website cannot be intercepted.

As with other forms of encryption – which provide data security and privacy for online activities – the VPN encryption protocol ensures your VPN traffic is protected against eavesdroppers. At its most basic, Perfect Forward Secrecy ensures that encryption keys are unique and temporary.

An encryption key is a complex string of numbers used by the encryption cipher to scramble the data so that it cannot be accessed by any third parties. Only those people who have access to the key can unlock the data. Encryption keys come in two varieties:

  • Symmetric session keys: In this type of encryption, the data is secured and decrypted using the same key. The benefit of this type of protocol is that it is faster and better for larger volumes of data.
  • Asymmetric session keys: This encryption method relies on a pair of keys, one public and one private. The public key is shared openly so that those who need it can decrypt data. However, only those who have the corresponding private key can access the encryption’s contents.

PFS uses a symmetric session key, so once it is negotiated, a single key will handle the encryption and decryption of the VPN data. For now, the most important thing to understand about VPN encryption is that it relies on three key components:

  1. Secure Handshake: This phase initiates secure communications by negotiating unique session keys that provide PFS. These keys are ephemeral, meaning they are created for a single session and discarded afterward, which prevents past session data from being decrypted even if future keys are compromised.
  2. Authorization: Confirms the identity of users. This typically occurs before or during the handshake phase and ensures that the entities exchanging information are who they claim to be.
  3. Encryption Cipher: This component scrambles the data transmitted between parties using the session keys established during the handshake. The keys provided by PFS are used here for the connection duration to encrypt and decrypt the transmitted data securely.

What is Perfect Forward Secrecy?

Perfect Forward Secrecy (PFS) is an optional feature of certain VPN encryption protocols such as OpenVPN, WireGuard, and IPSec. It changes the encryption key used in each VPN session. This makes it nearly impossible for attackers to decrypt past or future sessions even if they somehow manage to obtain a private key.

To give an analogy, using PFS with your VPN is like changing your home’s locks each time you leave, ensuring burglars can’t break in even if they steal a key.

How does Perfect Forward Secrecy work?

The way PFS works is quite technical, but as long as you understand the benefits of this additional security layer, you don’t necessarily need to worry about it. In this section, we have briefly explained how Perfect Forward Secrecy works for any techy readers.

Perfect Forward Secrecy leverages a clever key exchange mechanism that negotiates new session keys for each session using secure random number generation. The keys generated by PFS are never reused, which means they are only good for the current session – and cannot be used to access the contents of a VPN connection at any other time.

This increases your privacy and secures you against any potential future advancements in decryption technology, thereby making the protocol future-proof. Most VPNs implement Perfect Forward Secrecy using either Elliptic Curve Diffie Hellman or Diffie Hellman. We will discuss each of these further below.

What to consider when comparing VPNs

Any VPN that does not use Perfect Forward Secrecy (PFS) could have long-term keys compromised, which opens the door for very serious security breaches.

The good news is that the WireGuard protocol implements PFS as a standard. The implementation of PFS in other protocols, such as OpenVPN and IKEv2, relies on the choices made by the VPN provider.

We always recommend checking that your VPN implements PFS in the protocols you intend to use.

What could happen if a VPN doesn’t include Perfect Forward Secrecy?

A lack of PFS can lead to very serious negative consequences. Below, we have included a list of things that could happen if long-term encryption keys are exposed:

  1. Decryption of past communications: If hackers get hold of a private key used for multiple sessions they could access historical data. This means that any sensitive data previously communicated via the VPN could be at risk. The best no-logs VPNs mitigate the threat to previous sessions by implementing PFS and deleting all data associated with a VPN session when it ends.
  2. Decryption of future communications: A VPN that lacks PFS could allow hackers to get hold of an encryption key that lets them eavesdrop on future communications. This is the chief reason that PFS is so important in the context of VPNs (even no logs VPNs). Anybody who compromised a key could actively monitor all of your data and traffic while connected to the VPN.
  3. Hackers could manipulate your data: If a VPN session is compromised using re-used keys, hackers could change your data. Hackers can leverage this kind of manipulation to pretend to be you or to reroute and alter your requests to their advantage. This can enable serious crimes such as fraud.

Which VPN protocols implement PFS?

Below, we have included a list of common VPN protocols that implement PFS. If implemented correctly, these protocols can provide robust protection against future compromise of your VPN traffic.

  1. OpenVPN: OpenVPN is a popular VPN protocol that has been subjected to numerous audits. It is highly configurable, which means that VPN providers have a lot of flexibility. OpenVPN supports PFS through the use of ephemeral keys during the TLS handshake process. However, due to its flexibility, VPN providers can choose whether or not to implement OpenVPN with Perfect Forward Secrecy. This means you must check that your provider is using PFS.
  2. WireGuard: This is a modern protocol that was developed with speed and security in mind. It uses advanced cryptographic primitives that make it highly effective for gaining online privacy. This includes native PFS that ensures new keys are used for every session.
  3. IPSec/IKEv2: Most VPNs that offer IKEv2 do so in conjunction with IPSec, which supports PFS by default. Like OpenVPN, however, the use of PFS can depend on how the VPN provider has configured the protocol. It’s usually safe to assume that IKEv2 includes PFS, but we still recommend checking to be sure – particularly if you have an elevated threat model.
  4. SSTP (Secure Socket Tunneling Protocol): This is a slightly older VPN protocol that is no longer available in most VPN apps. However, it is another VPN protocol that is compatible with PFS – depending on how it is configured.

What is the role of SSL/TLS in supporting VPN Perfect Forward Secrecy?

Many popular VPN protocols, including OpenVPN and SSTP, use SSL/TLS for encryption. OpenVPN, for example, relies on SSL/TLS certificates to enable secure tunneling between the VPN app and its servers.

SSL/TLS protocols support various cipher suites that dictate how encryption is executed. Some of these suites are designed to enable PFS using ephemeral key exchanges. As previously explained, this means they will generate new keys each session without sharing any long-term keys.

SSL/TLS protocols allow VPNs to implement either ephemeral Diffie-Hellman (DH) or Elliptic Curve Diffie-Hellman (ECDH) key exchanges. The latter offers better performance and increased security.

By incorporating SSL/TLS protocols with cipher suites that support ephemeral exchanges like DH and ECDH, VPNs significantly strengthen the security they offer to users, ensuring that each session remains protected and isolated from others.

What is Elliptic Curve Cryptography?

Elliptic Curve Cryptography (ECC) is the type of key agreement security used by most VPNs to implement Perfect Forward Secrecy. This public key algorithm has been around since 1976, which is when the modern age of secure communications truly began. However, it started to be widely incorporated into commercial applications in the late 1990s.

Although ECC is too complicated to fully explain in this blog, the key to understanding is that it leverages complicated mathematics to provide unique keys each session. Specifically, it relies on the algebraic properties of elliptic curves over finite fields.

The advantage of this mathematical approach is that it provides higher levels of security while also leveraging smaller key sizes – this makes it much more efficient and compatible with a greater number of devices.

Another benefit of this technology is that it enables users to initiate a connection without needing to share a secret code in advance. This makes it much easier for users who have never met before to communicate securely over the internet.

Many secure VPN providers utilize a specific application of ECC known as Elliptic Curve Diffie-Hellman (ECDH). ECDH enhances the standard Diffie-Hellman key exchange protocol by employing elliptic curves, thereby offering stronger security. This method uses ephemeral keys that are generated for each session, significantly bolstering the VPN’s defense against attacks and ensuring that past communications can’t be compromised even if there is a security breach in the future.

That said, some VPNs might still use the standard Diffie-Hellman (DH) protocol to provide PFS. Although standard DH is capable of providing Perfect Forward Secrecy, it requires larger key sizes to achieve similar levels of security. This makes it slower and a poor choice for devices with limited resources. For this reason, ECDH remains the preferred option employed by leading VPNs in the implementation of OpenVPN and IKEv2.

What algorithm does WireGuard use for PFS?

WireGuard is a popular modern protocol that uses the Curve25519 elliptic curve algorithm for its key secure exchange process. Curve25519 is a type of Diffie-Hellman key exchange that leverages elliptic curves to facilitate secure key exchange using unique keys each session. Curve25519 is known for its robust security and excellent performance – making it fast and compatible with many devices.

Related: The most secure VPNs

Perfect Forward Secrecy FAQs

What are the benefits of Perfect Forward Secrecy for VPN users?

Using a VPN protocol that includes Perfect Forward Secrecy massively increases peace of mind, by ensuring that it is almost impossible (at the current level of technological progress) for hackers to gain access to your VPN data. This guarantees high levels of online privacy and data security, making the VPN suitable for sensitive online use cases like those carried out by lawyers, politicians, journalists, activists, whistleblowers, or any individual who cares about their privacy.

The future-proof nature of protocols like ECDH and Curve25519 means that users can feel confident in the level of protection provided by their VPN, regardless of where they connect to the internet or what online tasks they need to carry out.

Can Perfect Forward Secrecy make a VPN slow?

Yes. The implementation of Perfect Forward Secrecy can potentially hurt the speed of a VPN. This is why some low-quality VPNs with badly implemented apps and sluggish servers avoid implementing PFS.

The important thing to remember, however, is that popular protocols like IKEv2/IPsec and OpenVPN can implement PFS with minimal impact on performance, and it is important to note that negotiating the unique session key required for PFS only happens at the beginning of each session – so while it will make the VPN connect slower it should not affect throughput.

PFS is a crucial security feature that should not be avoided to improve a VPN’s connection speed. The best VPNs invest in lightning-fast servers and well-designed VPN apps that can allow the client to negotiate the PFS key without too much inconvenience during the initial connection.

Are all VPN services equipped with Perfect Forward Secrecy?

No. Whether a VPN service implements Perfect Forward Secrecy depends on which protocols it provides and how it has implemented those protocols. If your VPN provider offers WireGuard, you can be assured that it will always implement PFS using the Curve25519 algorithm.

For protocols like OpenVPN and IKEv2, the implementation of PFS depends on the individual choices made by the VPN provider. That’s why it’s essential not to take PFS for granted unless you are using the WireGuard protocol.

You can check whether the VPN you are interested in provides PFS by heading over to our in-depth VPN reviews.