Memotiva Security+ Flashcards: Cryptography Concepts, Symmetric, Asymmetric, Hashing, Certificates

What is perfect forward secrecy and why does it matter?


Nortren


Perfect forward secrecy, or PFS, is a property of key exchange protocols that ensures session keys are not compromised even if the server's long-term private key is later stolen. Each session generates unique ephemeral keys using Diffie-Hellman or Elliptic Curve Diffie-Hellman that are discarded after the session ends. Without PFS, an attacker who records encrypted traffic and later obtains the private key can decrypt all past sessions. With PFS, each session's keys are independent, and destroying them makes past traffic permanently unrecoverable.
csrc.nist.gov