neocturne / fastd

Fast and Secure Tunnelling Daemon

Question: Does fastd implement perfect forward secrecy? #35

Closed marek22k closed 8 months ago

marek22k commented 8 months ago

Hello,

I would like to know which encryption variants offer PFS in fastd?

Unfortunately I haven't found a forum or anything similar, so I'm posting my question here as an issue. If this is the wrong place for it, I'm sorry.

marek22k commented 8 months ago

I think I found the answer in the documentation:

The modified algorithm FHMQV-C specified in the same document also provides Perfect Forward Secrecy (PFS), which isn’t the case for the simple FHMQV algorithm.

neocturne commented 8 months ago

@marek22k Right, you already found the relevant information - as fastd always uses FHMQV-C for its key exchange, it generally provides PFS. Session keys are rotated every 1 hour.