Twitter tightens security against NSA snooping

November 23, 2013 – 7:40 AM

Twitter has implemented new security measures that should make it much more difficult for anyone to eavesdrop on communications between its servers and users, and is calling on other Internet companies to follow its lead.

The company has implemented “perfect forward secrecy” on its Web and mobile platforms, it said Friday. The technology should make it impossible for an organization to eavesdrop on encrypted traffic today and decrypt it at some point in the future.

At present, the encryption between a user and the server is based around a secret key held on the server. The data exchange cannot be read but it can be recorded in its encrypted form. Because of the way the encryption works, it’s possible to decrypt the data at some point in the future should the server’s secret key ever be obtained.

With perfect forward secrecy, the data encryption is based on two short-lived keys that cannot be later recovered even with the knowledge of the server key, so the data remains secure.

It’s an important principle, because while encryption traffic is difficult to break with current computer technology, innovations in computing hardware and systems might make it easier to break in the future. Perfect forward secrecy should ensure data remains secure no matter the advances in computer technology.


You must be logged in to post a comment.