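Full name: perfect forward secrecy.
In such a cryptosystem, if one key is stolen, only the data encrypted with that key is exposed.
In some cryptosystems, all keys are derived from a single initial key, so if that first key is stolen, an attacker may gather enough information to derive the other keys.
Without PFS, the IPSec Phase 2 key is derived from the Phase 1 key; with PFS, the keys of the two IPSec phases are independent. PFS is therefore used to improve security.
PFS requires that a key can only access the data it protects; that the material used to generate a key is replaced every time and cannot be used to generate any other key; and that breaking one key does not affect the security of the others. The PFS property is guaranteed by the DH algorithm.
Original text: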
A cryptosystem in which, if one encryption key is compromised, only the data encrypted by that specific key is compromised. Some cryptosystems allow keys to be derived from previous keys, so that if the first key is compromised, an attacker might have enough information to figure out other keys and/or decrypt data encrypted using those keys. RFC 2409 describes PFS in detail.
PFS enhances security by using a different security key for the IPSec Phase 1 and Phase 2 SAs. Without PFS, the same security key is used to establish SAs in both phases. PFS ensures that a given IPSec SA key was not derived from any other secret (like some other keys). In other words, if someone were to break a key, PFS ensures that the attacker would not be able to derive any other key. If PFS were not enabled, someone could hypothetically break the IKE SA secret key, copy all the IPSec protected data, and then use knowledge of the IKE SA secret to compromise the IPSec SA setup by this IKE SA. With PFS, breaking IKE would not give an attacker immediate access to IPSec. The attacker would have to break each IPSec SA individually.
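The dependency described above can be seen in the Quick Mode key derivation from RFC 2409 section 5.5. The following is an added example, not part of the original text: it derives the IPSec SA key material with and without PFS and checks whether the Phase 1 secret plus the message fields is enough to reproduce it. The toy DH group, HMAC-SHA256 as the prf, and all function names are assumptions made for illustration.

```python
import hashlib, hmac, secrets

# Toy DH group, constructed for this example; real IKE uses the standard MODP/ECP groups.
P, G = 2**127 - 1, 3
PROTO_IPSEC_ESP = 3  # protocol ID from the IPsec DOI (RFC 2407)

def prf(key, data):
    # HMAC-SHA256 stands in for whatever prf the IKE SA negotiated (assumption).
    return hmac.new(key, data, hashlib.sha256).digest()

def dh_keypair():
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)

def dh_shared(priv, peer_pub):
    return pow(peer_pub, priv, P).to_bytes(16, "big")

def keymat(skeyid_d, spi, ni_b, nr_b, g_qm_xy=b""):
    # RFC 2409 section 5.5:
    #   no PFS: KEYMAT = prf(SKEYID_d, protocol | SPI | Ni_b | Nr_b)
    #   PFS:    KEYMAT = prf(SKEYID_d, g(qm)^xy | protocol | SPI | Ni_b | Nr_b)
    return prf(skeyid_d, g_qm_xy + bytes([PROTO_IPSEC_ESP]) + spi + ni_b + nr_b)

def quick_mode(skeyid_d, pfs):
    """Run one Phase 2 negotiation; return (KEYMAT, fields carried in the messages)."""
    msg = {"spi": secrets.token_bytes(4),
           "ni_b": secrets.token_bytes(16), "nr_b": secrets.token_bytes(16)}
    secret = b""
    if pfs:  # KE payloads exchanged: fresh ephemeral DH for this SA only
        xi, msg["ke_i"] = dh_keypair()
        xr, msg["ke_r"] = dh_keypair()
        secret = dh_shared(xi, msg["ke_r"])
        assert secret == dh_shared(xr, msg["ke_i"])
    return keymat(skeyid_d, msg["spi"], msg["ni_b"], msg["nr_b"], secret), msg

def derivable_from_phase1(skeyid_d, msg, real_keymat):
    """True if SKEYID_d plus the message fields alone reproduce the IPSec SA key."""
    guess = keymat(skeyid_d, msg["spi"], msg["ni_b"], msg["nr_b"])
    return hmac.compare_digest(guess, real_keymat)

def demo():
    skeyid_d = secrets.token_bytes(32)  # Phase 1 secret, constructed sample
    out = {}
    for pfs in (False, True):
        real, msg = quick_mode(skeyid_d, pfs)
        out["pfs" if pfs else "no_pfs"] = derivable_from_phase1(skeyid_d, msg, real)
    return out
```

Calling `demo()` shows that without PFS the IPSec SA key follows directly from the Phase 1 secret, while with PFS it also depends on an ephemeral DH secret that never appears in the messages.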