Twitter beefs up security to thwart snooping

Microblogging site Twitter is combating cyber snooping by making it harder for hackers to decrypt its encrypted data even if the hackers manage to get their hands on Twitter’s private keys.

Twitter said it is using a method called perfect forward secrecy on top of its usual confidentiality measures and traditional HTTPS encryption.

“Under traditional HTTPS, the client chooses a random session key, encrypts it using the server’s public key and sends it over the network,” a blog post by Twitter engineer Jacob Hoffman-Andrews said. “Someone in possession of the server’s private key and some recorded traffic can decrypt the session key and use that to decrypt the entire session.”

He said Twitter is using the EC Diffie-Hellman cipher suites, a method of exchanging cryptographic keys, to support forward secrecy. With this method, Hoffman-Andrews said, the server’s key is used only to sign the key exchange, which prevents a man-in-the-middle attack.
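As an added example (not from Twitter's blog post or this article), the following Python code uses the standard-library `ssl` module to audit which cipher suites a server context would offer and to restrict it to ECDHE key exchange, the approach described above. The function names are hypothetical and the cipher string is an assumed choice, not Twitter's actual configuration.

```python
import ssl

# OpenSSL names TLS 1.2 suites by key exchange first: "ECDHE-RSA-..." means
# ephemeral ECDH signed with the server's RSA key, while a name with no
# key-exchange prefix (e.g. "AES128-GCM-SHA256") means RSA key transport,
# the "traditional HTTPS" case where the session key is sent encrypted.
_EPHEMERAL_PREFIXES = ("ECDHE-", "DHE-")


def is_forward_secret(cipher_name: str) -> bool:
    """True if the suite uses an authenticated ephemeral (EC)DH key exchange."""
    # TLS 1.3 names omit the key exchange; its certificate-authenticated
    # handshakes always use ephemeral (EC)DHE.
    if cipher_name.startswith("TLS_"):
        return True
    # Anonymous suites (ADH-, AECDH-) are deliberately not accepted here:
    # nothing signs the exchange, so they do not stop a man in the middle.
    return cipher_name.startswith(_EPHEMERAL_PREFIXES)


def audit(ctx: ssl.SSLContext) -> dict:
    """Split the suites a context would offer into forward-secret and not."""
    report = {"forward_secret": [], "static_key": []}
    for suite in ctx.get_ciphers():
        key = "forward_secret" if is_forward_secret(suite["name"]) else "static_key"
        report[key].append(suite["name"])
    return report


def forward_secret_server_context() -> ssl.SSLContext:
    """Server context limited to ECDHE suites (assumed policy for this example)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Only ephemeral ECDH with AEAD ciphers; RSA key transport is excluded.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx


if __name__ == "__main__":
    # A context left at the library defaults, for comparison.
    default_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    for label, ctx in (("default", default_ctx),
                       ("hardened", forward_secret_server_context())):
        report = audit(ctx)
        print(f"{label}: {len(report['forward_secret'])} forward-secret, "
              f"{len(report['static_key'])} static-key suites")
        for name in report["static_key"]:
            print("  no forward secrecy:", name)
```
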

Although Twitter did not mention the United States National Security Agency, some media outlets said the move could be meant to prevent the NSA from collecting data from Twitter’s network.

“If an adversary is currently recording all Twitter users’ encryption traffic, and they later crack or steal Twitter’s private keys, they should not be able to use those keys to decrypt the recorded traffic,” he said.

Parker Higgins, an activist with the digital rights group Electronic Frontier Foundation, said that perfect forward secrecy is becoming a very important Web security method.

“Sites that use perfect forward secrecy can provide better security to users in cases where the encrypted data is being monitored and recorded by a third party,” he wrote in a blog post. “That particular threat may have once seemed unlikely, but we now know that the NSA does exactly this kind of long-term storage of at least some encrypted communications as they flow through telecommunications hubs, in a collection effort it calls upstream.”

Nestor E. Arellano
Toronto-based journalist specializing in technology and business news. Blogs and tweets on the latest tech trends and gadgets.