Lightboard Lessons: Perfect Forward Secrecy
Hi Piotr!! Thanks for all the great questions! I'll attempt to answer them all, but if I miss something, please let me know, and I'll follow up with more information.
The random integer is used as a part of the Diffie Hellman key exchange, and the basic idea works like this:
The server comes up with two prime numbers g and p and tells you (client) what they are. You then pick a secret, random number (a), but you don't tell anyone. Instead you (client) compute g^a mod p and send that result back to the server. (We'll call that A since it came from a.) The server does the same thing, but we'll call the server's secret, random number b. So the server computes g^b mod p and sends you (client) the result (we'll call it "B"). Now, you (client) take the number the server sent you and do the exact same operation with it. So that's B^a mod p. The server does the same operation with the result you (client) sent it, so: A^b mod p.
As it turns out, A^b mod p is the same value as B^a mod p. That's the cool, genius magic behind Diffie Hellman. All of these values can be (and are) sent in cleartext, but no one who might capture them will be able to figure out the value of the final operation because they would need the value a or b to figure it out. And, those values are the secret, random values that the client and server have generated.
As for the ephemeral part, if you don't use ephemeral keys, then the same random values would be used for a longer period of time between a specific client and server. However, if ephemeral keys are used, then the random values are new with every session, so the keys will then change with every session.
Finally, on the server certificate...yes, it's still sent via the RSA algorithm but it's never used for creating keys for bulk data encryption. Rather, like you said, it's only used for server identity purposes.
Thanks again for the great questions!!
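An added illustration of the exchange described in the reply above (not part of the original post): it walks through the g, p, a, b, A, B steps, checks that B^a mod p and A^b mod p agree, and then contrasts ephemeral secrets (new a and b every session) with reusing one pair. The parameters P_TOY, G_TOY, P_DEMO and G_DEMO are constructed toy values for the demo, not a real deployment group.

```python
import secrets

# Constructed toy parameters for illustration only; real deployments use a
# standardized group (for example the RFC 7919 ffdhe groups), never values this small.
P_TOY, G_TOY = 23, 5
# Larger constructed prime for the ephemeral demo so fresh keys are visibly distinct.
P_DEMO, G_DEMO = 2**61 - 1, 3


def public_value(g, p, secret):
    """What each side sends in the clear: g^secret mod p (A for the client, B for the server)."""
    return pow(g, secret, p)


def shared_secret(peer_public, secret, p):
    """Raise the peer's public value to your own secret: B^a mod p or A^b mod p."""
    return pow(peer_public, secret, p)


def dh_exchange(g, p, a, b):
    """One exchange with client secret a and server secret b. Returns (A, B, shared)."""
    A = public_value(g, p, a)
    B = public_value(g, p, b)
    client_side = shared_secret(B, a, p)   # client only ever sees B and knows a
    server_side = shared_secret(A, b, p)   # server only ever sees A and knows b
    assert client_side == server_side, "both sides must derive the same value"
    return A, B, client_side


def random_secret(p):
    """Fresh secret exponent in [2, p-2]."""
    return 2 + secrets.randbelow(p - 3)


def session_keys(g, p, sessions, ephemeral):
    """Shared values across several sessions. With ephemeral=True both sides pick new
    secrets every session (DHE); with ephemeral=False one pair is reused throughout."""
    a, b = random_secret(p), random_secret(p)
    keys = []
    for _ in range(sessions):
        if ephemeral:
            a, b = random_secret(p), random_secret(p)
        keys.append(dh_exchange(g, p, a, b)[2])
    return keys


if __name__ == "__main__":
    print(dh_exchange(G_TOY, P_TOY, 6, 15))                              # (8, 19, 2)
    print(len(set(session_keys(G_DEMO, P_DEMO, 5, ephemeral=True))))     # 5 distinct keys
    print(len(set(session_keys(G_DEMO, P_DEMO, 5, ephemeral=False))))    # 1 key reused
```

With the static pair, every session's shared value is identical, which is exactly why a later compromise of a or b exposes all of those sessions; with fresh secrets each session yields its own value.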