Micro-blogging platform Twitter introduced new encryption technology named ‘Perfect forward secrecy.’ The new protocol will be enabled on top of standard HTTPS encryption, generating a new key for each encounter and hopefully prevent the passive bulk surveillance by the NSA that’s been revealed in recent months. Twitter officially announced on their blog post that Under traditional HTTPS, the client chooses a random session key, encrypts it using the server’s public key, and sends it over the network. Someone in possession of the server’s private key and some recorded traffic can decrypt the session key and use that to decrypt the entire session.
In order to support forward secrecy, we’ve enabled the EC Diffie-Hellman cipher suites. Under those cipher suites, the client and server manage to come up with a shared, random session key without ever sending the key across the network, even under encryption.
With Forward secrecy the micro blogging site to defend and protect the user’s voice. Twitter enabled forward secrecy on their websites like twitter.com, mobile.twitter.com and api.twitter.com.
The new secure protocol requires a more complex server architectures and may be it will also result in slightly slower service. In earlier the search engine company Yahoo said it will encrypt all information that flows between its data centers.