Sunday, November 24, 2013

Twitter Implements Forward Secrecy

Twitter announced the implementation of Forward Secrecy for traffic on twitter.com, api.twitter.com, and mobile.twitter.com. The change is meant to defend against an adversary that may be recording all of Twitter's encrypted HTTPS traffic.

In a blog post, Twitter's engineering team said that, unlike traditional HTTPS, Forward Secrecy enables the EC Diffie-Hellman cipher suites, which let the client and server share a random session key without ever sending the key across the network, even under encryption.

Twitter is encouraging other websites to adopt Forward Secrecy as "the new normal" in web traffic, saying this type of protection is increasingly important on today's Internet.
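For sites checking their own deployment, the sketch below (an added example, not code from Twitter or the original post) classifies a negotiated TLS cipher suite by whether its key exchange is ephemeral (EC)DH, the property the EC Diffie-Hellman suites above provide. The function names, the TLS 1.3 handling and the sample observations are assumptions constructed for illustration.

```python
import socket
import ssl

# Key-exchange prefixes whose session keys come from ephemeral Diffie-Hellman.
EPHEMERAL_PREFIXES = ("ECDHE-", "DHE-", "EDH-")


def is_forward_secret(suite, protocol=""):
    """Return True if the negotiated suite uses an ephemeral (EC)DH exchange.

    `suite` is an OpenSSL name (ECDHE-RSA-AES128-GCM-SHA256) or an IANA
    name (TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256).
    """
    name = suite.upper()
    # TLS 1.3 suites name no key exchange; full handshakes are always (EC)DHE.
    if protocol == "TLSv1.3" or (name.startswith("TLS_") and "_WITH_" not in name):
        return True
    if name.startswith("TLS_"):
        name = name[len("TLS_"):].replace("_", "-")
    # Plain RSA key transport and static ECDH-/DH- suites fall through to False.
    return name.startswith(EPHEMERAL_PREFIXES)


def negotiated_suite(host, port=443, timeout=5.0):
    """Handshake with host and return (suite name, protocol version)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            name, protocol, _bits = tls.cipher()
            return name, protocol


def audit(observations):
    """Map each (host, suite, protocol) observation to its verdict."""
    return {host: is_forward_secret(suite, proto) for host, suite, proto in observations}


# Constructed sample observations; the hostnames are placeholders.
SAMPLE = [
    ("a.example", "ECDHE-RSA-AES128-GCM-SHA256", "TLSv1.2"),
    ("b.example", "AES128-SHA", "TLSv1"),
    ("c.example", "ECDH-RSA-AES128-SHA", "TLSv1"),
    ("d.example", "TLS_AES_256_GCM_SHA384", "TLSv1.3"),
    ("e.example", "TLS_RSA_WITH_AES_128_CBC_SHA", "TLSv1.2"),
]

if __name__ == "__main__":
    for host, ok in audit(SAMPLE).items():
        print(host, "forward secret" if ok else "NOT forward secret")
```

To check a live server you operate, pass the result of `negotiated_suite(host)` to `is_forward_secret`; the verdict reflects only the suite your client negotiated, not every suite the server accepts.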

https://blog.twitter.com/2013/forward-secrecy-at-twitter-0