No PFS at DDG (Score:3)
DuckDuckGo, a search engine, has been prominent in the media since the start of the Snowden revelations due to its privacy policy which promotes anonymity. If the private key used by DuckDuckGo were ever compromised — for example if one of their servers were seized — all previous searches would be revealed where logged traffic is available. DuckDuckGo may be a particularly interesting target for the NSA due to its audience and the small volume of traffic (as compared to Google).
This is because DDG does not use crypto algorithms which support perfect forward secrecy.
When PFS is used, the compromise of an SSL site's private key does not necessarily reveal the secrets of past private communication; connections to SSL sites which use PFS have a per-session key which is not revealed if the long-term private key is compromised. The security of PFS depends on both parties discarding the shared secret after the transaction is complete (or after a reasonable period to allow for session resumption).
So it would require significantly more work for NSA to deal with a site using PFS. Source: netcraft [netcraft.com]
Re: (Score:2)
I'm trying to understand PFS, having not heard of it before -- if I understand correctly, it is a system wherein a unique public/private key pair is generated on demand using a long-term key. Or to put it more simply -- a system that gives every session a new and unique set of encryption keys, thus making compromise of the private key hugely less of a bonanza. If that's the case, that sounds like a great system.
Reading your linked article demonstrates that some sites already do this... how do I make sure
Re: (Score:2)
Use this [ssllabs.com]; it details, towards the bottom, the ordering of ciphers.
Re: (Score:2)
Actually, I found it in a forum post and have verified: they do now use ECDHE, clearly as a result of the netcraft article.
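The property described in the first comment above (a per-session key that a compromised long-term key does not reveal), as an added toy example that is not from this thread or from Netcraft: a modelled RSA key transport next to an ephemeral DH exchange, with a function showing what logged traffic plus a seized long-term key yields in each case. The tiny DH group, the HMAC stand-ins for RSA encryption and for the server's signature, and all function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Toy DH group, constructed for illustration only: M127 is prime but far too small, and G is not
# checked for subgroup order (real TLS uses 2048-bit+ MODP groups or named curves, as in ECDHE).
P = (1 << 127) - 1
G = 3

def kdf(material: bytes) -> bytes:
    """SHA-256 stands in for the TLS PRF that turns the premaster into the session key."""
    return hashlib.sha256(material).digest()

def rsa_style_handshake(long_term_secret: bytes):
    """Modelled RSA key transport: the premaster crosses the wire protected only by the server's
    long-term key (a keyed stream is the stand-in for RSA encryption to the certificate key)."""
    premaster, nonce = secrets.token_bytes(32), secrets.token_bytes(16)
    stream = hmac.new(long_term_secret, nonce, hashlib.sha256).digest()
    wrapped = bytes(a ^ b for a, b in zip(premaster, stream))
    return kdf(premaster), {"kx": "RSA", "nonce": nonce, "wrapped": wrapped}

def dhe_handshake(long_term_secret: bytes):
    """Ephemeral DH: the long-term key only authenticates a fresh per-session public value."""
    x = secrets.randbelow(P - 2) + 1                 # server ephemeral exponent
    y = secrets.randbelow(P - 2) + 1                 # client ephemeral exponent
    gx, gy = pow(G, x, P), pow(G, y, P)
    sig = hmac.new(long_term_secret, gx.to_bytes(16, "big"), hashlib.sha256).digest()  # stand-in signature
    shared = pow(gy, x, P)                           # the client computes pow(gx, y, P), same value
    del x, y                                         # PFS holds only if both sides really discard these
    return kdf(shared.to_bytes(16, "big")), {"kx": "DHE", "server_pub": gx, "client_pub": gy, "sig": sig}

def recover_session_key(transcript: dict, seized_long_term_secret: bytes):
    """What logged traffic plus a seized long-term key yields, for each key exchange."""
    if transcript["kx"] == "RSA":
        stream = hmac.new(seized_long_term_secret, transcript["nonce"], hashlib.sha256).digest()
        return kdf(bytes(a ^ b for a, b in zip(transcript["wrapped"], stream)))
    # DHE: the transcript holds only g^x and g^y; the seized key verifies the signature, but the
    # session key needs x or y, which were discarded when the session ended.
    return None

def demo() -> dict:
    """Run one session of each kind and record whether its key is recoverable afterwards."""
    long_term_secret = secrets.token_bytes(32)       # stands in for the certificate's private key
    rsa_key, rsa_transcript = rsa_style_handshake(long_term_secret)
    dhe_key, dhe_transcript = dhe_handshake(long_term_secret)
    return {"rsa_recovered": recover_session_key(rsa_transcript, long_term_secret) == rsa_key,
            "dhe_recovered": recover_session_key(dhe_transcript, long_term_secret) == dhe_key}

if __name__ == "__main__":
    print(demo())   # {'rsa_recovered': True, 'dhe_recovered': False}
```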