I learned that perfect forward secrecy is implemented through DHE and ECDH but what is the difference between these 2 key exchanges?
Also can someone explain how perfect forward secrecy works? I've found a variety of answers online ranging from: there's a secret session key that's never shared that's generated, there's a session key that changes based on random input from both users, and there's a session key that is derived from a shared secret that only the 2 users know.
First, my apologies for the math, and for overly simplifying the math!
The difference between DHE and ECDH in two bullet points:
The overall method in both cases is still Diffie–Hellman. (Or are we calling it Diffie–Hellman-Merkle these days?)
Perfect forward secrecy is achieved by using temporary key pairs to secure each session - they are generated as needed, held in RAM during the session, and discarded after use.
The "permanent" key pairs (the ones validated by a Certificate Authority) are used for identity verification, and signing the temporary keys as they are exchanged. Not for securing the session.
Does that explain things a bit better?
Edit: To examine your examples in detail...
secret session key that's never shared
Well, this is the definition of DH key exchange, but isn't related to perfect forward secrecy. DH allows both parties to independently calculate the shared secret will be, without transmitting the shared secret in the clear, over the still-insecure channel.
session key that changes based on random input from both users
...Certainly both sides of the connection will use local sources of randomness to derive their temporary session keys, but I think the above phrasing misses the point: perfect forward secrecy is achieved by discarding the session keys after use.
session key that is derived from a shared secret that only the 2 users know
By now you're thinking "How does this fact give us perfect forward secrecy?" To belabor the point: perfect forward secrecy is achieved by discarding the session keys after use.
Perfect forward secrecy (PFS) means that the compromise of a long-term keying material does not compromise session keys that were previously derived from the long-term material. This means that an eavesdropper who has recorded all your previous protocol runs cannot derive the past session keys even through he has somehow learnt about your long term key which could be a RSA private key. Fortunately, the latter is used for only for achieving authentication instead of the derivation of the actual session key (like in the STS or ECDH protocol as DHE is vulnerable to man-in-the-middle attacks).
Both DHE and ECDH provide PFS due to the assumption that it is hard to solve the mathematical Diffie–Hellman problem (compute g^xy given the values of g, g^x and g^y) and discrete logarithm problem (find k given g^k and g) for DHE and the elliptic curve discrete logarithm problem (find n given, nP and Q) for ECDH. Thus, even with the private key, an eavesdropper is unable to derive the session keys unless he can solve the "difficult" mathematical problems. The ECDH is a variant of the Diffie–Hellman protocol which uses elliptic curve cryptography to lower computational, storage and memory requirements.
