Twitter improves site encryption by adding Forward Secrecy to service





Twitter has now joined the likes of Google, Mozilla and Facebook by enabling Forward Secrecy on its websites. This ensures that even if hackers get hold of Twitter’s private keys, they will not be able to decrypt the users’ traffic. In a blog post announcing the new security measure, Jacob Hoffman-Andrews wrote for Twitter that Forward Secrecy will be enabled on twitter.com, api.twitter.com, and mobile.twitter.com. Forward Secrecy adds a new property on top of the usual confidentiality and integrity properties of HTTPS.


Twitter gets safer (Image credit: Reuters)




“Under traditional HTTPS, the client chooses a random session key, encrypts it using the server’s public key, and sends it over the network. Someone in possession of the server’s private key and some recorded traffic can decrypt the session key and use that to decrypt the entire session. In order to support forward secrecy, we’ve enabled the EC Diffie-Hellman cipher suites,” explains Hoffman-Andrews. With those cipher suites, however, the client and server manage to come up with a shared, random session key without ever sending the key across the network, even under encryption. The server’s private key is only used to sign the key exchange, preventing man-in-the-middle attacks.

Twitter’s move is in response to leaks about the US government’s secret surveillance programmes that were disclosed by former spy agency contractor Edward Snowden. Tech giants like Microsoft, Google, Facebook and, more recently, Yahoo! have all put stringent encryption methods in place and are overtly cautious about what data may or may not be visible to snooping.
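The two key exchanges described above can be compared side by side. The following is an added example, not code from Twitter's post or from this article. It assumes toy parameters (textbook RSA without padding, and finite-field Diffie-Hellman standing in for the EC Diffie-Hellman suites Twitter enabled), and all function names are hypothetical.

```python
import hashlib
import secrets

# Toy parameters constructed for this example: textbook RSA without padding and
# finite-field DH over a Mersenne prime. Illustration only, not secure.
RSA_P, RSA_Q = 2**127 - 1, 2**89 - 1
N, E = RSA_P * RSA_Q, 65537                      # server's long-term public key
D = pow(E, -1, (RSA_P - 1) * (RSA_Q - 1))        # server's long-term private key
DH_P, DH_G = 2**521 - 1, 3                       # public DH group

def digest(*values):
    """Hash the handshake values down to an integer the toy RSA key can sign."""
    data = "|".join(map(str, values)).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def rsa_key_transport():
    """Traditional HTTPS: the client encrypts the session key to the server."""
    session_key = secrets.randbelow(N - 2) + 2
    wire = [pow(session_key, E, N)]              # recorded by a passive observer
    return session_key, wire

def ephemeral_dh():
    """Forward-secret handshake: the long-term key only signs the exchange."""
    a = secrets.randbelow(DH_P - 3) + 2          # client ephemeral secret
    b = secrets.randbelow(DH_P - 3) + 2          # server ephemeral secret
    A, B = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    sig = pow(digest(A, B), D, N)                # server signs both public values
    if pow(sig, E, N) != digest(A, B):           # client check blocks a MITM
        raise ValueError("bad signature on key exchange")
    session_key = pow(B, a, DH_P)                # client side
    assert session_key == pow(A, b, DH_P)        # server derives the same key
    return session_key, [A, B, sig]              # a and b are discarded here

def exposed_by_key_theft(wire):
    """Values obtainable later from recorded traffic plus the stolen key D."""
    return {pow(value, D, N) for value in wire}

if __name__ == "__main__":
    for name, handshake in [("RSA transport", rsa_key_transport),
                            ("ephemeral DH", ephemeral_dh)]:
        key, wire = handshake()
        print(name, "session key exposed:", key in exposed_by_key_theft(wire))
```

With RSA key transport, the recorded ciphertext decrypts to the session key once the private key is known. With the ephemeral exchange, the private key yields nothing useful, because the session key depended only on secrets that no longer exist.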


(With inputs from agencies)



