Monday, 25 November 2013

Twitter Implements "Perfect Forward Secrecy" Against Malware Attack.




To ensure that no third party spies on its users' tweets, Twitter has implemented an extra layer of security called Perfect Forward Secrecy. Forward Secrecy adds protection on top of the existing HTTPS.


The extra security protects traffic on twitter.com, api.twitter.com and mobile.twitter.com. Twitter explained that “under traditional HTTPS, client chooses a random session key, encrypts it using the server’s public key, and sends it over the network” and an adversary “in possession of the server’s private key and some recorded traffic can decrypt the session key and use that to decrypt the entire session”, but under Perfect Forward Secrecy, “the client and server manage to come up with a shared random session key without ever sending the key across the network, even under encryption”.
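The difference Twitter describes can be modelled in a few lines. This is an added example, not code from the original post or from Twitter: a toy handshake with constructed, deliberately tiny parameters (the Mersenne-prime RSA key and Diffie-Hellman group are assumptions chosen here) that shows what a recording of each handshake yields once the server's long-term private key is known. Real TLS also signs the Diffie-Hellman values with the long-term key for authentication, which is left out.

```python
import secrets

# Constructed toy parameters built from Mersenne primes; far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1          # server's long-term RSA primes
N, E = P * Q, 65537                  # server's public key
D = pow(E, -1, (P - 1) * (Q - 1))    # server's long-term private exponent
DH_P, DH_G = 2**127 - 1, 3           # public Diffie-Hellman group


def rsa_key_transport():
    """Traditional HTTPS: the client encrypts the session key to the server."""
    session_key = secrets.randbits(128)
    wire = [pow(session_key, E, N)]  # the only handshake value an observer records
    return session_key, wire


def ephemeral_dh():
    """Forward secrecy: both sides derive the key; it never crosses the wire."""
    a = secrets.randbelow(DH_P - 2) + 1   # client's one-time secret
    b = secrets.randbelow(DH_P - 2) + 1   # server's one-time secret
    A, B = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    client_key, server_key = pow(B, a, DH_P), pow(A, b, DH_P)
    assert client_key == server_key
    # a and b go out of scope here, as they are discarded after a real handshake.
    return client_key, [A, B]


def decrypt_recording(wire, private_exponent):
    """What a later holder of the long-term key gets from recorded traffic."""
    return [pow(value, private_exponent, N) for value in wire]


def key_exposed(handshake):
    """True if the recorded handshake plus the long-term key reveals the session key."""
    session_key, wire = handshake()
    return session_key in decrypt_recording(wire, D)


if __name__ == "__main__":
    print("RSA key transport exposed:", key_exposed(rsa_key_transport))
    print("Ephemeral DH exposed:     ", key_exposed(ephemeral_dh))
```

With key transport the recorded ciphertext decrypts straight to the session key; with the ephemeral exchange the recording holds only the two public values, so the long-term key recovers nothing.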

However, this additional security adds a network delay of 150 milliseconds or more, which is not a big deal, especially for users who won’t tolerate any form of snooping on their tweets.

Twitter has had Forward Secrecy on its networks since October 21 but waited until November 22 to officially inform its users, once it was sure that no bugs or issues had manifested due to the new security change.

Image Source: CNET.
Source: Blog.Twitter, PC Magazine.






