Bobusnr

Uncatagorized

Twitter Toughening Its Security to Thwart Government Snoops

Welcome and thank you for stopping by. Please be aware and advised, this is a CONSERVATIVE BLOG.

 

Here is some information and my rules:

 1) I do not like Liberal Ideology;

 

 2) Conservatives have the voice of reason on my blog;

 

 3) I will delete any comments that are abusive, non-related to the “blog theme” and not debated in a civil manner;

 

 4) I welcome input from all walks of life.

 

However, this is my blog and I will make the “ultimate” decision on any/all comments.

I encourage “civil” discussion. We may not agree on “ideology”.

 

However, we can agree on “respect” and at least listening to different perspectives.

 

Thank you for visiting!

 

Reblogged from:http://bits.blogs.nytimes.com

 

Posted by:NICOLE PERLROTH and VINDU GOEL

Jacob Hoffman-Andrews, right, a security engineer at Twitter, had been pushing the company to adopt forward secrecy for some time, but did not get much support for the project until the recent revelations about the National Security Agency's surveillance practices.Noah Berger for The New York Times Jacob Hoffman-Andrews, right, a security engineer at Twitter, had been pushing the company to adopt forward secrecy for some time, but did not get much support for the project until the recent revelations about the National Security Agency’s surveillance practices.

  • Facebook
  • Twitter
  • Google+
  • Save
  • Email
  • Share
  • Print

A year ago, hardly anyone, save for cryptographers, had heard of Perfect Forward Secrecy. Now, some customers are demanding it, and technology companies are adding it, one by one, in large part to make government eavesdropping more difficult.

On Friday, Twitter will announce that it has added Perfect Forward Secrecy, after similar announcements by Google, Mozilla and Facebook. The technology adds an extra layer of security to Web encryption to thwart eavesdropping, or at least make the National Security Agency’s job much, much harder. (Update: Twitter has announced the security change on its blog.)

Until Edward J. Snowden began leaking classified documents last summer, billions of people relied on a more common type of security called Transport Layer Security or Secure Sockets Layer (S.S.L.) technology to protect the transmission of sensitive data like passwords, financial details, intellectual property and personal information. That technology is familiar to many Web users through the “https” and padlock symbol at the beginning of Web addresses that are encrypted.

But leaked N.S.A. documents make clear that the agency is recording high volumes of encrypted Internet traffic and retaining it for later cryptanalysis. And it’s hardly the only one: Iran, North Korea, and China all store vast amounts of Internet traffic. More recently, Saudi Arabia has been actively trying to intercept mobile data for Twitter and other communication tools.

The reason governments go to great lengths to store scrambled data is that if they later get the private S.S.L. keys to decrypt that data — via court order, hacking into a company’s servers where they are stored or through cryptanalysis — they can go back and decrypt past communications for millions of users.

Perfect Forward Secrecy ensures that even if an organization recording web traffic gets access to a company’s private keys, it cannot go back and unscramble past communications all at once. Perfect Forward Secrecy encrypts each web session with an ephemeral key that is discarded once the session is over. A determined adversary could still decrypt past communications, but with Perfect Forward Secrecy the keys for each individual session would have to be cracked to read the sessions’ contents.

Perfect Forward Secrecy was invented more than 20 years ago, and Paul Kocher, a leading cryptographer, put support for Perfect Forward Secrecy into the S.S.L .protocol. But companies have been reluctant to use it because it slows website and browser performance, uses resources and because — until Snowden — most consumers did not even know it existed. Unlike S.S.L. technology, there is no indication to a user that Perfect Forward Secrecy is enabled.

This tougher security is quickly becoming a must-have for Internet companies.

Earlier this week, Marissa Mayer, the chief executive of Yahoo, announced that Yahoo would introduce new security features in 2014. But, on Twitter, some consumers were quick to point out that Perfect Forward Secrecy was conspicuously absent from her blog post.

“With security, there are always the things you know you ought to do,” Mr. Kocher said in an interview. “But it’s not until you have a clear adversary that it’s much easier to justify the resources to go fix the problem.”

At Twitter, Jacob Hoffman-Andrews, a security engineer, had been pushing the company to adopt forward secrecy for some time, but did not get much support for the project until the Snowden leaks.

That showed “there really were organizations out there in the world that were scooping up encrypted data just so they could try to attack it at a large scale,” said Jeff Hodges, another Twitter software engineer. “We were like, oh, we need to actually spend some more time and really do this right.”

Actually installing and turning on the technology took only a few months, once Twitter decided to do it, both men said in an interview. That was in part because Google, an early pioneer in the technology, had worked out many of the kinks in Perfect Forward Secrecy and shared its knowledge with the security community.

Perfect Forward Secrecy does add a slight delay to a user’s initial connection to Twitter — about 150 milliseconds in the United States and up to a second in countries like Brazil that are farther away from Twitter’s servers. But the company said the extra protection was worth the delay.

Twitter said it turned on Perfect Forward Secrecy on Oct. 21, although it refrained from publicizing the change immediately to make sure there were no problems.

Twitter said it hoped that its example would prompt other companies to adopt the technology.

“A lot of services that don’t think they need it actually do,” Mr. Hodges said.

 

Single Post Navigation

One thought on “Twitter Toughening Its Security to Thwart Government Snoops

  1. Reblogged this on Brittius.com.

Brittius

Honor America

China News

News and Opinions From Inside China

My Opinion My Vote

America needs saving

hillbillysurvival

The greatest WordPress.com site in all the land!

Linux Power Wordpress.com

Just another WordPress.com weblog

redpillreport.wordpress.com/

The ‘red pill’ and its opposite, ‘blue pill,‘ are pop culture terms that have become symbolic of the choice between blissful ignorance (blue) and embracing the sometimes-painful truth of reality (red). It’s time for America to take the red pill and wake up from the fog of apathy.

The Mad Jewess

Mirror Site For Reflection

JUSTICE FOR RAYMOND

Sudden, unexplained, unattended death and a families search for answers

Flyover-Press.com

Dedicated to freedom in our lifetimes

News You May Have Missed

News you need to know to stay informed

Automattic

Making the web a better place

U.S. Constitutional Free Press

Give me Liberty, Or Give me Death!

swissdefenceleague

Swiss Defence League

NY the vampire state

Sucking the money from it's citizens as a vampire sucks blood from it's victims. A BPI site

The Clockwork Conservative

All wound up about politics, history, culture... lots of stuff.

PUMABydesign001's Blog

“I hope we once again have reminded people that man is not free unless government is limited. There’s a clear cause and effect here that is as neat and predictable as a law of physics: as government expands, liberty contracts.” Ronald Reagan.

partneringwitheagles

WHENEVER ANY FORM OF GOVERNMENT BECOMES DESTRUCTIVE OF THESE ENDS (LIFE,LIBERTY,AND THE PURSUIT OF HAPPINESS) IT IS THE RIGHT OF THE PEOPLE TO ALTER OR ABOLISH IT, AND TO INSTITUTE A NEW GOVERNMENT...

LeatherneckM31

Weapons-grade blogging; quips, quotes and comments 'cause we live in a world gone mad.......

%d bloggers like this: