Latest posts by Alvin Bryan (see all)
- Millionaire Tyupkin Malware ATM Hackers May Come to US, India After Hitting Europe - October 23, 2014
- BitLicense Will Allow Bitcoin Spying in New York - October 22, 2014
- Australians are Fighting Data Retention Laws - October 22, 2014
We wrote about the TextSecure app which uses Perfect Forward Secrecy in October. And now Twitter has opted to include this cryptographic element for its website and API feeds. As with TextSecure, users can now benefit greatly from Twitter VPN encryption on top of the security that Perfect Forward Secrecy provides.
Twitter Perfect Forward Secrecy
Twitter announced the incorporation of Perfect Forward Secrecy a couple of weeks ago on their blog. They described the move as part of their consistent efforts to improve data security for Twitter users. Specifically, this IPSec property will help ensure that Twitter encryption will not be cracked. Private keys can be cracked. Just like any other code, it’s just a matter of time. The first advantage with Perfect Forward Secrecy is that it generates new key values from time to time. Thus cracks can be avoided. In addition, if the encryption is cracked and a key is intercepted, this allows attackers access to current data only. All the data that previously passed through the network cannot be accessed. This is because it is secured by different keys. The second benefit is therefore minimized data leaks in case of a breach.
Twitter VPN Encryption
A current symmetrical key can still be intercepted and used by an attacker. They will only be able to use it for a short time to access a limited amount of data. But if an attacker acts fast, he or she can still cause damage. This is where Twitter VPN encryption comes in. The Twitter VPN adds a layer of encryption to the user’s session and routes it through a secure private tunnel. This safeguards against the Twitter key being intercepted. The attacker needs to first break through the VPN tunnel then break the Twitter VPN encryption before he or she can try to intercept the key.
With Twitter VPN encryption, tunneling and Perfect Forward Secrecy, attackers have a very slim chance of ever intercepting and using a valid key. There’s just too much cracking work to be done, and too little time in which to launch a successful attack. And to top it all off, an additional benefit of using a VPN secures users against the Twitter login defect that was revealed last year. Twitter TLS and SSL protocols already protect user login sessions and data transport, but Twitter VPN encryption and protocols will again add a layer of defense against passwords being sent in plain text.