AI Snips
Chapters
Transcript
Episode notes
Single Long-Lived Conversation Key
- Twitter's encrypted DMs use standard primitives like AES-GCM rather than inventing new cryptography.
- The implementation chooses a single long-lived AES key per conversation, which removes forward secrecy.
Device Keys Uploaded Publicly
- Each device generates a P-256 key pair and uploads the public key to Twitter's key manager endpoint.
- The sender encrypts a single conversation AES key to each recipient device's public key and includes those blobs in the first message.
No Forward Secrecy Or Key Rotation
- Encrypted conversation keys are only sent in the first message, so devices added later won't receive past keys.
- This design means no forward secrecy and full-history decryption if the conversation key is compromised.