Microsoft Incorporating Algorithms into OS for Perfect Forward Secrecy

Microsoft has a new update that introduces four new ciphers to the default priority cipher list within Windows.  This update applies to Windows 7, 8, 8.1 and Windows Server 2008 and 2012.  With perfect forward secrecy, a private key is negotiated for each session, so unlike other SSL and TLS connections where the public/private keypair for the server is used for all sessions, perfect forward secrecy forces an attacker to compromise each session separately.  This clearly raises the bar for attackers.  Much of this is in response to reports of widespread nation-state data collection.  The new ciphers provided are:

  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_RSA_WITH_AES_256_GCM_SHA384
  • TLS_RSA_WITH_AES_128_GCM_SHA256

Read more about this here.

About The Author

Steve Kosten