The key to perfect web encryption

Developers behind the Signal encrypted instant messaging app are championing Perfect Forward Secrecy as the most effective encryption protocol. PFS presents hackers with a moving target, by automatically and frequently changing the keys it uses to encrypt and decrypt information. If the latest key is compromised, it exposes only a small portion of the user’s sensitive data. Signal’s new ‘double ratchet’ system goes one stage further – by generating a new encryption key with every message.
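The per-message key idea can be sketched with a hash chain; this is an added illustration, not Signal's code. It shows only the symmetric half of a ratchet, and the names `ChainRatchet`, `kdf_chain_step`, `keys_derivable_from` and the shared secret are assumptions constructed for the example.

```python
import hashlib
import hmac


def kdf_chain_step(chain_key: bytes) -> tuple[bytes, bytes]:
    """One ratchet step: derive (next_chain_key, message_key) from the chain key.

    HMAC-SHA256 is one-way, so neither output reveals the chain key it came from.
    """
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain_key, message_key


class ChainRatchet:
    """Holds only the current chain key; older keys are overwritten, not stored."""

    def __init__(self, initial_chain_key: bytes):
        self.chain_key = initial_chain_key

    def next_message_key(self) -> bytes:
        self.chain_key, message_key = kdf_chain_step(self.chain_key)
        return message_key


def keys_derivable_from(stolen_chain_key: bytes, count: int) -> list[bytes]:
    """Message keys that someone holding a captured chain key could compute."""
    ratchet = ChainRatchet(stolen_chain_key)
    return [ratchet.next_message_key() for _ in range(count)]


def demo() -> dict:
    # Constructed shared secret; in practice it comes from a key agreement.
    shared = hashlib.sha256(b"constructed shared secret for the demo").digest()
    sender, receiver = ChainRatchet(shared), ChainRatchet(shared)
    sent = [sender.next_message_key() for _ in range(3)]
    received = [receiver.next_message_key() for _ in range(3)]
    stolen = sender.chain_key  # device state captured after message 3
    later = [sender.next_message_key() for _ in range(2)]
    exposed = keys_derivable_from(stolen, 5)
    return {
        "in_sync": sent == received,                 # both ends derive the same keys
        "all_unique": len(set(sent + later)) == 5,   # a new key for every message
        "past_exposed": any(k in exposed for k in sent),
        # The hash chain alone does not protect later messages; the double
        # ratchet also mixes in fresh Diffie-Hellman output to cut this off.
        "future_exposed": exposed[:2] == later,
    }


if __name__ == "__main__":
    print(demo())
```

Messages sent before the capture stay protected because their keys cannot be recomputed from the surviving state.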

Curiously, despite its effectiveness, not all financial and e-commerce websites have yet embraced PFS, leaving them vulnerable to upstream collection attacks. Using a single key to encrypt communications is clearly no longer enough – evidence that in today’s digital world, security researchers can’t ever rest on their laurels.