{"id":391,"date":"2013-06-27T10:01:33","date_gmt":"2013-06-27T15:01:33","guid":{"rendered":"http:\/\/www.poweradmin.com\/blog\/?p=391"},"modified":"2015-04-27T08:47:34","modified_gmt":"2015-04-27T13:47:34","slug":"perfect-forward-security-and-ssl-encryption","status":"publish","type":"post","link":"https:\/\/www.poweradmin.com\/blog\/perfect-forward-security-and-ssl-encryption\/","title":{"rendered":"Perfect Forward Security and SSL Encryption"},"content":{"rendered":"<p>\n\t<a href=\"\/blog\/wp-content\/uploads\/2013\/06\/Combination-Lock-sepia.jpg\" rel=\"\" style=\"\" target=\"\" title=\"\"><img loading=\"lazy\" decoding=\"async\" alt=\"Perfect Forward Security - SSL Encryption\" class=\"alignleft size-medium wp-image-399\" height=\"226\" src=\"\/blog\/wp-content\/uploads\/2013\/06\/Combination-Lock-sepia-300x226.jpg\" style=\"margin-left: 0px; margin-right: 10px;\" title=\"\" width=\"300\" srcset=\"https:\/\/www.poweradmin.com\/blog\/wp-content\/uploads\/2013\/06\/Combination-Lock-sepia-300x226.jpg 300w, https:\/\/www.poweradmin.com\/blog\/wp-content\/uploads\/2013\/06\/Combination-Lock-sepia.jpg 615w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\"><\/a>Michael Horowitz wrote a great article at Computer World entitled <a href=\"http:\/\/m.blogs.computerworld.com\/encryption\/22366\/can-nsa-see-through-encrypted-web-pages-maybe-so\" target=\"_blank\" rel=\"nofollow\">Perfect Forward Secrecy can block the NSA from secure web pages, but no one uses it<img class=\"extlink-icon\" src=\"https:\/\/www.poweradmin.com\/blog\/wp-content\/plugins\/external-links-nofollow-open-in-new-tab-favicon\/images\/extlink.png\"><\/a>.\n<\/p>\n<p>\n\tThe tl;dr \u2013 encrypted HTTPS communications can be saved by Big Brother, and if the private key is broken at some time in the future, the saved communications can then be\u00a0decrypted and read.\n<\/p>\n<p>\n\tTo avoid this fate, the HTTP server needs to use ephemeral keys (keys that are unique to each encrypted session).\u00a0 
Almost nobody does this.\u00a0 I double-checked <a href=\"\/servermonitor\/?ref=blog\">PA Server Monitor's<\/a> (and <a href=\"\/file-sight\/?ref=blog\">PA File Sight's<\/a>) internal HTTPS server, and sure enough, we use ephemeral keys \ud83d\ude42\u00a0 We have the best software engineers (thanks Steve!).\n<\/p>\n<p>\n\tIf you'd like to verify this using the technique mentioned in the article (using the Chrome browser for example), head over to our <a href=\"https:\/\/demo.poweradmin.com:81\" target=\"_blank\">demo server and take a look<\/a>.\n<\/p>\n<p>\n\t<span style=\"color: rgb(68, 68, 68); font-family: Arial, sans-serif; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 15px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255); display: inline !important; float: none;\">Image: \u00a9 <\/span><a href=\"http:\/\/www.flickr.com\/photos\/pong\/288491653\/\" style=\"text-decoration: none; color: rgb(51, 107, 189); font-family: Arial, sans-serif; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 15px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255);\" title=\"Rob  Pongsajapan\" rel=\"nofollow\" target=\"_blank\">Rob Pongsajapan<\/a>\n<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Michael Horowitz 
wrote a great article at Computer World entitled Perfect Forward Secrecy can block the NSA from secure web pages, but no one uses it. The tl;dr \u2013 encrypted HTTPS communications can be saved by Big Brother, and if the private key is broken at some time in the future, the saved communications can [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":399,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,10,9],"tags":[],"class_list":["post-391","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general-it","category-power-admin","category-technical"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/posts\/391","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/comments?post=391"}],"version-history":[{"count":5,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/posts\/391\/revisions"}],"predecessor-version":[{"id":3589,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/posts\/391\/revisions\/3589"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/media\/399"}],"wp:attachment":[{"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/media?parent=391"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/categories?post=391"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/tags?post=391"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","tem
plated":true}]}}