The Threat It Stops
Imagine an attacker records your encrypted traffic today and later steals the server's long-term private key. Without protection, they could decrypt all of that captured traffic. Forward secrecy prevents this.
Ephemeral Keys
Forward secrecy comes from using a fresh ephemeral key exchange for each session. The two sides run an ephemeral Diffie-Hellman exchange, derive a session key from it, then discard the ephemeral private values when the session ends.
- The long-term key only authenticates the handshake; it does not encrypt the data.
- Each session secret is independent of every other.
- Once discarded, the ephemeral secret cannot be recovered.
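The handshake described above, written out as an added example in Go (this is illustrative code, not code from the original text or from any particular protocol implementation). The server's long-term Ed25519 key only signs the ephemeral X25519 public keys; the session key comes from the ephemeral shared secret, and each side's ephemeral private key lives only inside the handshake function and is dropped on return. HMAC-SHA256 over the two public keys is assumed here as a stand-in for a full HKDF/transcript-hash derivation; the Transcript struct models what a passive recorder would capture.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Server keeps only its long-term signing identity. Ephemeral private keys
// exist only inside the handshake functions below and are dropped on return.
type Server struct {
	identity ed25519.PrivateKey
}

// Transcript is everything a passive observer can record from the handshake:
// both ephemeral public keys and the server's signature over them. No private
// value appears here, which is why a later key theft cannot unlock the session.
type Transcript struct {
	ClientEphemeralPub []byte
	ServerEphemeralPub []byte
	Signature          []byte
}

func NewServer() (*Server, error) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Server{identity: priv}, nil
}

// PublicIdentity is the value a client pins or checks against a certificate.
func (s *Server) PublicIdentity() ed25519.PublicKey {
	return s.identity.Public().(ed25519.PublicKey)
}

// signedData binds the signature to this specific pair of ephemeral keys.
func signedData(clientPub, serverPub []byte) []byte {
	return append(append([]byte("ephemeral-dh:"), clientPub...), serverPub...)
}

// deriveSessionKey turns the raw X25519 shared secret into a session key.
// HMAC-SHA256 stands in for HKDF here (an assumption of this example).
func deriveSessionKey(shared, clientPub, serverPub []byte) []byte {
	mac := hmac.New(sha256.New, shared)
	mac.Write([]byte("session-key"))
	mac.Write(clientPub)
	mac.Write(serverPub)
	return mac.Sum(nil)
}

// ServerHandshake makes a fresh ephemeral key, signs both public keys with the
// long-term identity, derives the session key and returns. The ephemeral
// private key goes out of scope here and is never stored.
func (s *Server) ServerHandshake(clientPub []byte) ([]byte, Transcript, error) {
	var t Transcript
	curve := ecdh.X25519()
	eph, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		return nil, t, err
	}
	peer, err := curve.NewPublicKey(clientPub)
	if err != nil {
		return nil, t, err
	}
	shared, err := eph.ECDH(peer)
	if err != nil {
		return nil, t, err
	}
	serverPub := eph.PublicKey().Bytes()
	t = Transcript{clientPub, serverPub, ed25519.Sign(s.identity, signedData(clientPub, serverPub))}
	return deriveSessionKey(shared, clientPub, serverPub), t, nil
}

// ClientHandshake runs the client side end to end and returns the session key
// each side derived plus the transcript an observer could have recorded.
func ClientHandshake(server *Server, serverIdentity ed25519.PublicKey) (clientKey, serverKey []byte, t Transcript, err error) {
	curve := ecdh.X25519()
	eph, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, t, err
	}
	clientPub := eph.PublicKey().Bytes()
	serverKey, t, err = server.ServerHandshake(clientPub)
	if err != nil {
		return nil, nil, t, err
	}
	// Authentication only: the long-term key vouches for the ephemeral key and
	// takes no part in deriving or encrypting anything.
	if !ed25519.Verify(serverIdentity, signedData(clientPub, t.ServerEphemeralPub), t.Signature) {
		return nil, nil, t, errors.New("server signature invalid: handshake rejected")
	}
	peer, err := curve.NewPublicKey(t.ServerEphemeralPub)
	if err != nil {
		return nil, nil, t, err
	}
	shared, err := eph.ECDH(peer)
	if err != nil {
		return nil, nil, t, err
	}
	return deriveSessionKey(shared, clientPub, t.ServerEphemeralPub), serverKey, t, nil
}

func main() {
	srv, _ := NewServer()
	k1, s1, _, _ := ClientHandshake(srv, srv.PublicIdentity())
	k2, _, _, _ := ClientHandshake(srv, srv.PublicIdentity())
	fmt.Println("client/server agree:", bytes.Equal(k1, s1), "sessions independent:", !bytes.Equal(k1, k2))
}
```

Two runs against the same server produce unrelated session keys because each run draws a new X25519 pair, and a client given the wrong identity key rejects the handshake at the signature check rather than after deriving a key.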
Why The Long Term Key Is Safe To Lose
Because the session key was derived from short-lived ephemeral values that no longer exist, a later theft of the long-term private key reveals nothing about past sessions. Each conversation stays sealed.
In The Real World
Modern secure transport prefers ephemeral elliptic-curve key exchange precisely to gain forward secrecy by default, protecting against future key compromise of bulk-recorded traffic.
Key idea
Forward secrecy uses fresh ephemeral key exchanges that are discarded after each session, so a future theft of the long-term private key cannot decrypt traffic that was recorded in the past.