Sunday, 24 November 2013

Twitter Beefs Up Encryption with 'Perfect Forward Secrecy' - PC Magazine






Perfect forward secrecy. If you've even heard of it, you've probably scratched your head a little bit and wondered, "What's that?"



Well, as it just so happens, Twitter has officially deployed this fancy kind of security into its communications with its users. In short, perfect forward secrecy takes the privacy and safety provided by Secure Sockets Layer-based connections (SSL) and kicks it up a notch, helping to ensure that those who break through the encryption have less of a means to see what you've been up to.



In other words, it's a bit of a thumbing of the nose at government eavesdroppers at the National Security Agency. Twitter didn't explicitly mention that bit in the Friday blog announcement it posted, but it did link to an article from the Electronic Frontier Foundation (EFF) that calls out the NSA by name for its "upstream," long-term data storage capabilities. Connections protected by perfect forward secrecy undoubtedly give the NSA a bit more of a headache when it comes to its efforts at keeping tabs on users' digital lives. As explained by the EFF:



"Every Web server that uses HTTPS has its own secret key that it uses to encrypt data that it sends to users. Specifically, it uses that secret key to generate a new "session key" that only the server and the browser know. Without that secret key, the traffic traveling back and forth between the user and the server is incomprehensible, to the NSA and to any other eavesdroppers," writes EFF activist Parker Higgins.


"But imagine that some of that incomprehensible data is being recorded anyway—as leaked NSA documents confirm the agency is doing. An eavesdropper who gets the secret key at any time in the future—even years later—can use it to decrypt all of the stored data! That means that the encrypted data, once stored, is only as secure as the secret key, which may be vulnerable to compromised server security or disclosure by the service provider."



The fun of perfect forward secrecy is that the aforementioned session keys are generated individually for each web session. Were someone to acquire said key, it would only really be useful to decrypt a single session of Twitter access. One could still decrypt a ton of past communications, but it would require access to the corresponding ton of keys, not just one SSL key.
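The difference the EFF quote and the paragraph above describe can be seen in a short sketch. This is an added example, not code from the article, the EFF or Twitter; it uses toy key sizes and a toy cipher, leaves out the signature a real server puts on its ephemeral value, and all function names are hypothetical.

```python
import hashlib
import secrets

# Toy parameters, constructed for illustration (far too small for real use).
P, Q = 2**61 - 1, 2**89 - 1          # Mersenne primes forming a toy RSA modulus
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))    # the server's long-term secret key
DH_P, DH_G = 2**127 - 1, 3           # toy Diffie-Hellman group


def xor_stream(key: int, data: bytes) -> bytes:
    """Toy cipher: XOR data with a SHA-256 keystream derived from the session key."""
    seed = key.to_bytes(32, "big")
    stream = b"".join(hashlib.sha256(seed + bytes([i])).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))


def static_session(msg: bytes) -> dict:
    """Without forward secrecy: the session key travels wrapped under the long-term key."""
    session_key = secrets.randbelow(N - 2) + 2
    return {"wrapped_key": pow(session_key, E, N),
            "ciphertext": xor_stream(session_key, msg)}


def ephemeral_session(msg: bytes) -> dict:
    """With forward secrecy: one-time secrets a and b are discarded after the session."""
    a = secrets.randbelow(DH_P - 3) + 2   # client's one-time secret
    b = secrets.randbelow(DH_P - 3) + 2   # server's one-time secret
    session_key = pow(pow(DH_G, a, DH_P), b, DH_P)
    # Only the public halves and the ciphertext cross the wire and can be recorded.
    return {"client_pub": pow(DH_G, a, DH_P), "server_pub": pow(DH_G, b, DH_P),
            "ciphertext": xor_stream(session_key, msg)}


def decrypt_with_leaked_key(recording: dict, leaked_d: int):
    """What stored traffic yields once the long-term key is disclosed later."""
    if "wrapped_key" not in recording:
        return None   # nothing recorded was ever encrypted under the long-term key
    session_key = pow(recording["wrapped_key"], leaked_d, N)
    return xor_stream(session_key, recording["ciphertext"])
```
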



This additional security measure does come with a wee bit of a performance cost, but the brief, 150-millisecond delay for Twitter users in the U.S. (as reported by The New York Times) doesn't seem to be that tough of a trade-off for those keen on keeping their private data exchanges with Twitter just that — as private as possible.



Twitter officially flipped the switch on perfect forward secrecy on October 21, but elected to wait to officially inform users until it was sure that no bugs or issues manifested themselves as part of the process.







via Technology - Google News http://news.google.com/news/url?sa=t&fd=R&usg=AFQjCNFCjNyOc1-wMcP4G3ESYM7qOhMrHA&url=http://www.pcmag.com/article2/0,2817,2427545,00.asp
