Twitter Hardens Services with Perfect Forward Secrecy

Twitter announced that it has implemented Perfect Forward Secrecy for Twitter.com as well as its API and mobile sites.

Twitter took another step toward not only securing the privacy of its users’ communication over the social network, but in warding off the prying eyes of government surveillance with the implementation of Perfect Forward Secrecy. The technology thwarts the efforts of anyone who may be collecting Twitter traffic today with the hope of cracking the private key securing it tomorrow.

“At the end of the day, we are writing this not just to discuss an interesting piece of technology, but to present what we believe should be the new normal for web service owners,” said Twitter security engineer Jacob Hoffman-Andrews. “A year and a half ago, Twitter was first served completely over HTTPS. Since then, it has become clearer and clearer how important that step was to protecting our users’ privacy.”

Perfect Forward Secrecy ensures that private session keys securing an encrypted connection are random and if one is compromised, it cannot be used to compromise other messages.

“When an encrypted connection uses perfect forward secrecy, that means that the session keys the server generates are truly ephemeral, and even somebody with access to the secret key can’t later derive the relevant session key that would allow her to decrypt any particular HTTPS session,” wrote Parker Higgins, an activist with the Electronic Frontier Foundation. “So, intercepted encrypted data is protected from prying eyes long into the future, even if the website’s secret key is later compromised.”

While Yahoo and other laggards have either only recently deployed HTTPs across their web services or have yet to do so, Twitter extends its leadership among Internet companies. Twitter announced that forward secrecy has been enabled not only on twitter.com but on api.twitter.com and mobile.twitter.com. A recent EFF crypto report shows that Twitter is among a handful of major companies that deploys forward secrecy; others include Facebook, Dropbox, Google, Tumblr and SpiderOak.

Twitter encouraged other companies to implement not only HTTPS as the default, but harden it with HSTS, certificate pinning and forward secrecy.

“Security is an ever-changing world. Our work on deploying forward secrecy is just the latest way in which Twitter is trying to defend and protect the user’s voice in that world,” Twitter’s Hoffman-Andrews said.

Hoffman-Andrews explained in his blogpost that Twitter has enabled the EC Diffie-Hellman cipher suite to support forward secrecy.

“Under those cipher suites, the client and server manage to come up with a shared, random session key without ever sending the key across the network, even under encryption,” he said. “The server’s private key is only used to sign the key exchange, preventing man-in-the-middle attacks.”

The Snowden leaks have demonstrated that the NSA is adept at not only collecting phone call metadata, but practically any data it chooses, from email address books, to searches and other Internet traffic. HTTPS and other encryption offshoots put up hurdles for the NSA. Meanwhile, major web services providers such as Yahoo, which will only deploy HTTPS by default on its services at the start of the new year, don’t put up a barrier at all.

EFF staff attorney Seth Schoen told Threatpost that HTTPS—SSL and/or TLS encryption—is something that users should demand and developers should consider normal and standard with new applications. But, he cautioned, that HTTPS is a minimum standard of protection and that forward secrecy and HSTS, for example, should be considered as well.

Schoen said that enabling Perfect Forward Secrecy requires computational resources and additional costs, but he also said that those were some of the same arguments companies used as a counter to enabling HTTPS. However, Schoen said, computers are getting faster and there’s less of a CPU resource burden today than a half-dozen years ago.

“There’s been a lot of speculation about Moore’s Law and how long that curve will last,” Schoen said. “But as long as we are on the curve for the time being, cryptography that seemed so intensive may not be so if we look again. Five or six years ago, that might have seemed like a huge computational burden, but today that might not be because CPUs are a lot faster.”

Suggested articles