Twitter beefs up security to thwart snooping

Microblogging site Twitter is combating cyber snooping by making it harder for hackers to decrypt its encrypted data even if the hackers manage to get their hands on Twitter’s private keys.

Twitter said it is using a method called perfect forward secrecy on top of its usual confidentiality measures and traditional HTTPS encryption.

“Under traditional HTTPS, the client chooses a random session key, encrypts it using the server’s public key and sends it over the network,” a blog post by Twitter engineer, Jacob Hoffman-Andrew said. “Someone in possession of the server’s private key and some recorded traffic can decrypt the session key and use that to decrypt the entire session.”

He said Twitter is using the EC Diffie-Hellman cipher suites, a method of exchanging cryptographic keys, to support forward secrecy. With this method, Hoffman-Andrew said, the server’s key is only used to sign the key exchange and therefore prevents a man-in-the-middle-attack.

Although Twitter did not mention the United States National Security Agency, some media outlets said the move could be meant to prevent the NSA from collecting data from Twitter’s network.

“If an adversary is currently recording all Twitter users’ encryption traffic, and they later crack or steal Twitter’s private keys, they should not be able to use those keys to decrypt the recorded traffic,” he said.

Parker Higgins, an activist with the digital rights group Electronic Frontier Foundation, said that perfect forward secrecy is becoming a very important Web security method.

“Sites that use perfect forward secrecy can provide better security to users in cases where the encrypted data is being monitored and recorded by a third party,” he wrote in a blog. “That particular threat may have once seemed unlikely, but we now know that the NSA does exactly this kind of long-term storage of at least some encrypted communication as they flow through telecommunications hubs, in a collection effort it calls upstream.”

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Nestor E. Arellano
Nestor E. Arellano
Toronto-based journalist specializing in technology and business news. Blogs and tweets on the latest tech trends and gadgets.

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now