Provided by: Stanford University
Date Added: May 2014
Forward secrecy guarantees that eavesdroppers cannot recover the secret data of past communications. While many TLS servers have deployed the ephemeral Diffie-Hellman (DHE) key exchange to support forward secrecy, most sites use weak DH parameters, resulting in a false sense of security. In this paper, the authors surveyed a total of 473,802 TLS servers and found that 82.9% of the DHE-enabled servers were using weak DH parameters. Furthermore, given current parameter and algorithm choices, they show that the traditional performance argument against forward secrecy no longer holds.