Twitter has added a “Perfect Forward Secrecy” (PFS) protocol that will enable stronger web security.
Not long after its rival Facebook implemented PFS, Twitter announced Friday that it will also use the protocol on its service.
With PFS, companies and individuals can be certain that even if someone who records web traffic gains access to their private keys, that party cannot go back and decode past communications at once.
Perfect Forward Secrecy, or PFS, is a protocol that “ensures that a session key derived from a set of long-term keys will not be compromised if one of the long-term keys is compromised in the future.” In other words, it makes nosing around much harder for snoopers.
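As an added example (not from the article or from Twitter): in TLS, forward secrecy comes from cipher suites whose key exchange uses ephemeral Diffie-Hellman (DHE/ECDHE), so a deployment can be audited by classifying the suites a server offers. The function names and the sample list below are constructed for illustration.

```python
import ssl

# Key-exchange tokens meaning a fresh (ephemeral) Diffie-Hellman key per session.
# EDH is the older OpenSSL spelling of DHE.
EPHEMERAL_KX = {"ECDHE", "DHE", "EDH"}

def is_forward_secret(suite: str) -> bool:
    """True if the suite name implies an authenticated ephemeral (EC)DH exchange."""
    name = suite.upper()
    # TLS 1.3 names (TLS_AES_..., TLS_CHACHA20_...) carry no key-exchange token;
    # a full TLS 1.3 handshake always uses ephemeral (EC)DH.
    if name.startswith(("TLS_AES_", "TLS_CHACHA20_")):
        return True
    if name.startswith("TLS_") and "_WITH_" in name:   # IANA-style name
        kx = name[4:].split("_WITH_")[0].split("_")[0]
    else:                                              # OpenSSL-style name
        kx = name.split("-")[0]
    # Static RSA/DH/ECDH fall through to False; so do anonymous ADH/AECDH,
    # which are ephemeral but unauthenticated.
    return kx in EPHEMERAL_KX

def audit(suites):
    """Split a preference-ordered suite list by forward secrecy."""
    weak = [s for s in suites if not is_forward_secret(s)]
    return {
        "forward_secret": [s for s in suites if is_forward_secret(s)],
        "not_forward_secret": weak,
        # Recorded traffic is protected only if the suite actually negotiated
        # is forward secret, so the most-preferred suite matters most.
        "preferred_ok": bool(suites) and is_forward_secret(suites[0]),
    }

# Constructed sample: a server preference order that still ranks RSA key
# transport first, so most recorded sessions would not be forward secret.
SAMPLE = [
    "AES128-GCM-SHA256",
    "ECDHE-RSA-AES128-GCM-SHA256",
    "TLS_AES_256_GCM_SHA384",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "DHE-RSA-AES256-SHA",
    "ECDH-RSA-AES128-SHA",
]

if __name__ == "__main__":
    print(audit(SAMPLE))
    # The same check against the suites enabled in the local OpenSSL defaults.
    local = [c["name"] for c in ssl.create_default_context().get_ciphers()]
    print(audit(local)["not_forward_secret"])
```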
PFS is not a new invention. In fact, it was created more than 20 years ago with the support of Paul Kocher, the president and chief scientist of Cryptography Research, Inc., and it offers tougher Internet security measures. However, it is not well known, and institutions had doubts about it because it slows the performance of browsers and websites.
Kocher told the New York Times in an interview, “With security, there are always the things you know you ought to do. But it’s not until you have a clear adversary that it’s much easier to justify the resources to go fix the problem.”
Since PFS offers higher security for browsing, Jacob Hoffman-Andrews, one of Twitter’s security engineers, pushed the social network to implement forward secrecy, but he didn’t get much support until Edward Snowden, an ex-CIA employee and ex-NSA contractor, exposed confidential documents about information that the NSA has recorded and kept for possible use later on.
Jeff Hodges, a software engineer for Twitter, told the New York Times, “There really were organizations out there in the world that were scooping up encrypted data just so they could try to attack it at a large scale,” and he added, “We were like, oh, we need to actually spend some more time and really do this right.”
According to both Twitter engineers, installing and enabling the protocol for Twitter took them only a few months after the approval, because Google, an early pioneer in the technology, had already paved the way with PFS and shared its experience with the security community.
Hodges added, “A lot of services that don’t think they need it actually do,” and the company hopes that many services will also implement this kind of Internet security measure.