Twitter is now deploying a robust form of security, known as Forward Secrecy for Secure Sockets Layer (SSL) encryption, in a bid to further secure its users. Forward Secrecy is not a new idea, though its widespread implementation has been lacking.
SSL technology is the foundation for most Web security, providing encryption for data transport. Every time you visit a banking Website and get that little padlock in the corner of your Web browser window, you’re using SSL. Properly implementing SSL is a challenge for many organizations as it involves multiple configuration steps that aren’t always performed properly, if at all.
SSL typically relies on a private encryption key that resides on the server. If that key is cracked by an attacker, or an overzealous three-letter agency of the U.S. government, all the encrypted traffic to and from the server could potentially be intercepted and decrypted. Forward Secrecy for SSL offers the promise of resiliency for the encryption, even if the server’s private key at some point becomes compromised.
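An added example, not from the original article: forward secrecy is only in effect when a handshake settles on an ephemeral Diffie-Hellman cipher suite (DHE or ECDHE), so this Python code audits a server's cipher preference order against what different clients offer. The suite lists and client names are constructed, and it assumes the server's preference order is honored.

```python
# Added example (not from the article). Suite lists below are constructed.
FS_KX = {"ECDHE", "DHE", "EDH"}  # ephemeral Diffie-Hellman key exchanges

def is_forward_secret(suite):
    """True if the suite name implies an ephemeral (EC)DHE key exchange."""
    if suite.startswith("TLS_"):
        if "_WITH_" not in suite:
            return True  # TLS 1.3 suite: full handshakes always use ephemeral (EC)DHE
        # IANA name, e.g. TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 -> "ECDHE"
        return suite[4:].split("_WITH_")[0].split("_")[0] in FS_KX
    # OpenSSL name, e.g. ECDHE-RSA-AES128-SHA -> "ECDHE"; AES128-SHA is RSA key transport
    return suite.split("-")[0] in FS_KX

def negotiate(server_pref, client_offer):
    """Suite chosen when the server's order is honored: its first entry the client offers."""
    offered = set(client_offer)
    return next((s for s in server_pref if s in offered), None)

def audit(server_pref, clients):
    """Map each client to (negotiated suite, whether that session is forward secret)."""
    report = {}
    for name, offer in clients.items():
        suite = negotiate(server_pref, offer)
        report[name] = (suite, suite is not None and is_forward_secret(suite))
    return report

# Constructed client offers: one supports ECDHE, one only RSA key transport.
CLIENTS = {
    "modern": ["ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA", "AES128-SHA"],
    "legacy": ["AES128-SHA", "AES256-SHA"],
}
# ECDHE suites are enabled but listed after RSA suites, so they are never picked.
WEAK_ORDER = ["AES128-SHA", "AES256-SHA",
              "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA"]
# Same suites with the ephemeral ones preferred.
FIXED_ORDER = ["ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA",
               "AES128-SHA", "AES256-SHA"]

if __name__ == "__main__":
    for label, order in (("weak", WEAK_ORDER), ("fixed", FIXED_ORDER)):
        for client, (suite, fs) in audit(order, CLIENTS).items():
            print(f"{label:5} {client:6} -> {suite} forward_secret={fs}")
```

Even with the corrected order, the constructed legacy client still negotiates an RSA suite; its sessions gain forward secrecy only if the non-ephemeral suites are removed or the client is upgraded.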