Twitter has enabled Perfect Forward Secrecy across its mobile site, website and API feeds in order to protect against future cracking of the service’s encryption. The PFS method ensures that, if the encryption key Twitter uses is cracked in the future, all of the past data transported through the network does not become an open book right away.
“If an adversary is currently recording all Twitter users’ encrypted traffic, and they later crack or steal Twitter’s private keys, they should not be able to use those keys to decrypt the recorded traffic,” says Twitter’s Jacob Hoffman-Andrews. “As the Electronic Frontier Foundation points out, this type of protection is increasingly important on today’s Internet.”
This will augment the TLS and SSL protocols already used by Twitter to protect logins and transmission of data across its network. Twitter made its site fully HTTPS compliant in early 2011, though a
View original post 281 more words