Translate

Image of RHCE Red Hat Certified Engineer Linux Study Guide (Exam RH302) (Certification Press)
Image of Advanced Programming in the UNIX Environment, Second Edition (Addison-Wesley Professional Computing Series)
Image of Modern Operating Systems (3rd Edition)
Image of XSLT 2.0 and XPath 2.0 Programmer's Reference (Programmer to Programmer)

Perfect Forward Secrecy in SSH

Perfect Forward Secrecy (PFS) is a property of public-key encryption systems which generate random public keys per session for the purposes of key agreement which are not based on any sort of deterministic algorithm. A compromise of one message cannot lead to the compromise of another message or multiple messages. Twitter, Apache mod_ssh, SSL, TLS, and IPSec all support forward secrecy. According to the referenced Wikipedia article: Forward secrecy is designed to prevent the compromise of a long-term secret key from affecting the confidentiality of past conversations. However, forward secrecy (including perfect forward secrecy) cannot defend against a successful cryptanalysis