The property defined
Perfect forward secrecy, often called forward secrecy, means that if an attacker later steals a server's long-term private key, they still cannot decrypt past sessions they recorded. Each session uses a fresh ephemeral key that is thrown away when the session ends, so there is no single key whose theft unlocks the whole history.
How it is achieved
- Use an ephemeral Diffie-Hellman exchange so that each session derives a unique shared secret.
- Never reuse the ephemeral private values, and discard them after the handshake.
- Keep the long-term certificate key only for authentication, never for deriving session keys.
- Rotate session keys so that even a long-lived connection limits exposure.
Without forward secrecy, an attacker can passively record encrypted traffic for years, then decrypt all of it the day they obtain the server's private key. This is the harvest-now, decrypt-later threat. Forward secrecy breaks that strategy by ensuring the key needed to decrypt a session no longer exists once the session closes. Modern TLS prefers cipher suites that provide it by default.
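As an added illustration (not code from the original page), a toy ephemeral Diffie-Hellman handshake in Python: the long-term key only authenticates the server's ephemeral value, the ephemeral exponents are discarded after the handshake, and a later theft of the long-term key yields nothing a recorder did not already have. The group parameters P and G, the HMAC tag standing in for a certificate signature, and the key names are constructed assumptions, not secure parameters.

```python
import hashlib
import hmac
import secrets

# Toy group for illustration only: the Mersenne prime 2^127 - 1 with generator 3.
# A real deployment uses a standardised group (e.g. RFC 7919 ffdhe2048) or X25519.
P = (1 << 127) - 1
G = 3

def ephemeral_keypair():
    """Fresh DH exponent for one session; the private half must never be reused."""
    priv = secrets.randbelow(P - 2) + 1            # constructed toy size, not secure
    return priv, pow(G, priv, P)

def session_key(own_priv, peer_pub, transcript):
    """Derive the session key from the DH shared secret bound to the public transcript."""
    shared = pow(peer_pub, own_priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big") + transcript).digest()

def handshake(server_long_term_key):
    """One ephemeral DH handshake. The long-term key only authenticates the server's
    ephemeral value (HMAC tag standing in for a signature) and never feeds the
    session key. Returns what a passive recorder sees, plus the key both sides agreed on."""
    c_priv, c_pub = ephemeral_keypair()
    s_priv, s_pub = ephemeral_keypair()
    transcript = c_pub.to_bytes(16, "big") + s_pub.to_bytes(16, "big")
    auth_tag = hmac.new(server_long_term_key, transcript, hashlib.sha256).digest()
    # Client checks the tag before trusting s_pub (stand-in for certificate verification).
    expected = hmac.new(server_long_term_key, transcript, hashlib.sha256).digest()
    assert hmac.compare_digest(auth_tag, expected)
    k_client = session_key(c_priv, s_pub, transcript)
    k_server = session_key(s_priv, c_pub, transcript)
    assert k_client == k_server
    del c_priv, s_priv                             # forward secrecy: exponents discarded here
    recorded = {"client_pub": c_pub, "server_pub": s_pub, "auth_tag": auth_tag}
    return recorded, k_client

def long_term_key_compromise(recorded, server_long_term_key):
    """What a later theft of the long-term key gives against a recorded session:
    the attacker can re-create the authentication tag (which is all that key was ever
    used for) but, lacking either ephemeral exponent, cannot compute the session key."""
    transcript = (recorded["client_pub"].to_bytes(16, "big")
                  + recorded["server_pub"].to_bytes(16, "big"))
    tag = hmac.new(server_long_term_key, transcript, hashlib.sha256).digest()
    return hmac.compare_digest(tag, recorded["auth_tag"])
```

Two handshakes under the same long-term key produce unrelated session keys, and the recording holds only public values and the tag, so nothing in it combines with the stolen key to recover either session.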
Key idea
Perfect forward secrecy uses fresh ephemeral keys per session so that stealing a server's long-term key cannot decrypt previously recorded traffic, defeating the harvest-now, decrypt-later threat.