Google Protects Data For the Long Term
Google has modified the encryption method used by its HTTPS-enabled services including Gmail, Docs and Google+, in order to prevent current traffic from being decrypted in the future.
Last year Google introduced HTTPS by default for Gmail and encrypted search. However, most major sites supporting HTTPS operate in a non-forward secret fashion, which runs the risk of retrospective decryption. In other words, an encrypted, unreadable email could be recorded while being delivered to your computer today. In ten years time, when computers are much faster, an adversary could break the server private key and retrospectively decrypt today?s email traffic.
For this reason, Google implemented forward secrecy, an encryption property that requires the private keys for a connection not to be kept in persistent storage.
"An adversary that breaks a single key will no longer be able to decrypt months' worth of connections; in fact, not even the server operator will be able to retroactively decrypt HTTPS sessions," explained Adam Langley, a member of Google's security team, in a blog post.
Forward secret HTTPS is now live for Gmail and many other Google HTTPS services, like SSL Search, Docs and Google+. Google has also released the workthat it did on the open source OpenSSL library that made this possible.
The new Google HTTPS implementation uses ECDHE_RSA for key exchange and the RC4_128 cipher for encryption. this combination is only supported in Firefox and Chrome at the moment, which means that HTTPS connections on Internet Explorer will not benefit from the added security.
For this reason, Google implemented forward secrecy, an encryption property that requires the private keys for a connection not to be kept in persistent storage.
"An adversary that breaks a single key will no longer be able to decrypt months' worth of connections; in fact, not even the server operator will be able to retroactively decrypt HTTPS sessions," explained Adam Langley, a member of Google's security team, in a blog post.
Forward secret HTTPS is now live for Gmail and many other Google HTTPS services, like SSL Search, Docs and Google+. Google has also released the workthat it did on the open source OpenSSL library that made this possible.
The new Google HTTPS implementation uses ECDHE_RSA for key exchange and the RC4_128 cipher for encryption. this combination is only supported in Firefox and Chrome at the moment, which means that HTTPS connections on Internet Explorer will not benefit from the added security.