A year ago, hardly anyone, save for cryptographers, had heard of Perfect Forward Secrecy. Now, some customers are demanding it, and technology companies are adding it, one by one, in large part to make government eavesdropping more difficult.
On Friday, Twitter announced that it had added Perfect Forward Secrecy, after similar announcements by Google, Mozilla and Facebook. The technology adds an extra layer of security to Web encryption to thwart eavesdropping, or at least make the National Security Agency’s job much, much harder.
Until Edward J. Snowden began leaking classified documents this summer, billions of people relied on a more common type of security called Transport Layer Security or Secure Sockets Layer (SSL) technology to protect the transmission of sensitive data like passwords, financial details, intellectual property and personal information. That technology is familiar to many Web users through the “https” and padlock symbol at the beginning of Web addresses that are encrypted.
But leaked NSA documents make clear that the agency is recording high volumes of encrypted Internet traffic and retaining it for later cryptanalysis. And it is hardly the only one: Iran, North Korea and China all store vast amounts of Internet traffic. More recently, Saudi Arabia has been trying to intercept mobile data for Twitter and other communication tools.
The reason governments go to great lengths to store scrambled data is that, if they later get the private SSL keys to decrypt that data — via court order, hacking into a company’s servers where they are stored or through cryptanalysis — they can go back and decrypt past communications for millions of users.
Perfect Forward Secrecy ensures that, even if an organization recording web traffic gets access to a company’s private keys, it cannot go back and unscramble past communications all at once. Perfect Forward Secrecy encrypts each Web session with an ephemeral key that is discarded once the session is over. A determined adversary could still decrypt past communications, but with Perfect Forward Secrecy the keys for each individual session would have to be cracked to read the sessions’ contents.
Perfect Forward Secrecy was invented more than 20 years ago, and Paul Kocher, a leading cryptographer, put support for Perfect Forward Secrecy into the SSL protocol. But companies have been reluctant to use it because it slows website and browser performance, uses resources and because — until Snowden — most consumers did not even know it existed. Unlike SSL technology, there is no indication to a user that Perfect Forward Secrecy is enabled.
This tougher security is quickly becoming a must-have for Internet companies.
This week, Marissa Mayer, the chief executive of Yahoo, announced that Yahoo would introduce new security features in 2014. But, on Twitter, some consumers were quick to point out that Perfect Forward Secrecy was conspicuously absent from her blog post.
“With security, there are always the things you know you ought to do,” Kocher said in an interview. “But it’s not until you have a clear adversary that it’s much easier to justify the resources to go fix the problem.”
At Twitter, Jacob Hoffman-Andrews, a security engineer, had been pushing the company to adopt forward secrecy for some time but did not get much support for the project until the Snowden leaks.
That showed “there really were organizations out there in the world that were scooping up encrypted data just so they could try to attack it at a large scale,” said Jeff Hodges, a Twitter software engineer. “We were like, ‘Oh, we need to actually spend some more time and really do this right.’”
Installing and turning on the technology took only a few months, once Twitter decided to do it, both men said in an interview. That was in part because Google, an early pioneer in the technology, had worked out many of the kinks in Perfect Forward Secrecy and shared its knowledge with the security community.
Perfect Forward Secrecy does add a slight delay to a user’s initial connection to Twitter — about 150 milliseconds in the United States and up to a second in countries like Brazil that are farther away from Twitter’s servers. But the company said the extra protection was worth the delay.
Twitter said it had turned on Perfect Forward Secrecy on Oct. 21, although it refrained from publicizing the change immediately to make sure there were no problems.
Twitter said it hoped that its example would prompt other companies to adopt the technology.
“A lot of services that don’t think they need it actually do,” Hodges said.