Twitter Implements Forward Secrecy For Connections 38
Fnord666 writes with this excerpt from Tech Crunch "Twitter has enabled Perfect Forward Secrecy across its mobile site, website and API feeds in order to protect against future cracking of the service's encryption. The PFS method ensures that, if the encryption key Twitter uses is cracked in the future, all of the past data transported through the network does not become an open book right away. 'If an adversary is currently recording all Twitter users' encrypted traffic, and they later crack or steal Twitter's private keys, they should not be able to use those keys to decrypt the recorded traffic,' says Twitter's Jacob Hoffman-Andrews. 'As the Electronic Frontier Foundation points out, this type of protection is increasingly important on today's Internet.'"
Of course, they are also using Elliptic Curve ciphers.
Re:I Don't Undertsand (Score:5, Insightful)
Twitter is completely open to anyone. So, what's the point of encryption?
In my opinion, it's "non-optimal" (at best), to forgo encryption because you deem some traffic of yours to be of low-value. What does that tell your potential adversaries about the nature of the traffic you do encrypt? Regarding the destination, (in this case Twitter), it's unlikely known to many potential adversaries if you're using Tor, I2P, etc., , which (along with TLS with PFS,) add another layer of defense-in-depth.
Your thinking reminds me of people/businesses that own a shredder, but only use them to shred highly-sensitive documents — it makes the job of reconstructing shredded ("unshredding") documents faster, easier, and more fruitful.
In regard to my own data and traffic, I don't ask, "does this need to be encrypted?" I ask, "can this be encrypted? The browser plugin "TrackMeNot" helps in a similar manner, by hiding whatever I may actually search for within ~1,440 phony queries per day. I also shred everything my cross-cut shredder will accept, and I pull the o' Enron trick of mixing in used coffee grounds as an impersonal "fuck you" to any who'd try to unshred my Pennysavers, envelopes, subscription cards, scratched discs, and most importantly, "etc."