Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×
Twitter Encryption Privacy

Twitter Implements Forward Secrecy For Connections 38

Posted by Unknown Lamer from the nsa-sad-it-doesn't-know-what-you-ate-five-minutes-ago dept.
Fnord666 writes with this excerpt from Tech Crunch "Twitter has enabled Perfect Forward Secrecy across its mobile site, website and API feeds in order to protect against future cracking of the service's encryption. The PFS method ensures that, if the encryption key Twitter uses is cracked in the future, all of the past data transported through the network does not become an open book right away. 'If an adversary is currently recording all Twitter users' encrypted traffic, and they later crack or steal Twitter's private keys, they should not be able to use those keys to decrypt the recorded traffic,' says Twitter's Jacob Hoffman-Andrews. 'As the Electronic Frontier Foundation points out, this type of protection is increasingly important on today's Internet.'" Of course, they are also using Elliptic Curve ciphers.
This discussion has been archived. No new comments can be posted.

Twitter Implements Forward Secrecy For Connections More

Twitter Implements Forward Secrecy For Connections

Comments Filter:

  • Re:SSL? (Score:5, Informative)

    by thue ( 121682 ) on Sunday November 24, 2013 @10:03AM (#45506717) Homepage

    Perfect Forward Security is optional in SSL - you can run SSL without DH exchange. That is the whole point of the article.

  • PFS Determination+ (Score:5, Informative)

    by cffrost ( 885375 ) on Sunday November 24, 2013 @12:13PM (#45507205) Homepage

    I recommend Calomel SSL Validation [calomel.org] to anyone who's interested in the security of their SSL/TLS connections. It adds a toolbar button, the color of which is determined by a weighted, composite score based on various connections security parameters: Bit-lengths, algos (e.g., AES > RC4), PFS, handshake/protocol, domain matching, etc. Clicking the button displays the complete break-down, including a percentage-score for overall connection security.

    There's also a Tools menu dialog that allows one to toggle >=128 bit, >=256 bit, PFS, and/or FIPS connections exclusively, among other security and interface tweaks.

    Along the same lines, I also recommend CipherFox [github.com], which has a configurable status-bar display of symmetric/asymmetric algos and their bit-lengths, and the hash function used in a secure connection. CipherFox also allows RC4 to be toggled, which is handy in conjunction Calomel.

    The above are all freeware that appear to be written and published by individuals lacking a nefarious corporate agenda.

Slashdot Top Deals

He has not acquired a fortune; the fortune has acquired him. -- Bion

Close