CS406: Information Security

If the public and private keys used in secure communications are compromised, the data exchanged in that session as well as previously exchanged data may be revealed. Perfect Forward Secrecy (PFS) ensures that a session key will not be compromised if a private key is compromised in the future. For example, IPsec negotiates new keys for every communication. Using IPsec, the compromise of a single key permits access to only the data protected by the single key.

The video, Twitter Toughens Security Against NSA Snooping (1:34), explains the implementation of forward secrecy on Twitter to encrypt its traffic on a session-by-session basis.