Google moves forward towards a more perfect SSL

Summary: Google's enthusiasm two years ago for Forward Secrecy makes a lot of sense considering all the revelations in the last several months about NSA monitoring of everyone and everything.


I've spent two columns recently talking about SSL news, particularly what Microsoft is up to. Probably even more than Microsoft, Google has worked hard, both with standards and leading by example, to advance the security of the Internet through SSL/TLS.

On Monday Google made another announcement along these lines: They have eliminated the last SSL certificate with a 1024-bit key from their network. Now every certificate they serve is 2048-bit.

As I wrote yesterday, the National Institute of Standards and Technology (NIST) has set 2016 as a deadline for eliminating 1024-bit keys from SSL. Microsoft seems to be very far along with this as well and has given notice to companies to move to 2048.

Unlike Microsoft, Google's official position (in their Certificate Practices Statement, see Appendix B) is that they are still supporting SHA-1 hashes in certificates. Microsoft has given notice that they won't support such certificates anymore as of 2016.

Google was the first of the major Internet services to turn on SSL by default on their services. In doing so they put pressure on their competitors, and now nearly everyone turns SSL on in appropriate situations. But there is another important SSL issue where Google is way ahead of Microsoft, and it's especially timely: Forward Secrecy, sometimes called Perfect Forward Secrecy, which Google enabled two years ago.

Forward Secrecy deals with the problem of post-hoc analysis of SSL ciphertext. Consider the recent example of Lavabit: The government wanted Lavabit to hand over their SSL keys. Presumably the government had already been collecting encrypted Lavabit traffic, so if they had the keys they could decrypt the traffic contents retroactively.

Forward Secrecy changes the key agreement protocol for SSL between the client and server to ensure that if the long-term key (the one that Lavabit would have to give to the government) is compromised, it won't compromise the separate session keys used for any specific session. Each session's keys are derived from fresh random values generated for that session alone, so they cannot be reconstructed from the long-term key afterward.
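As an added illustration (not code from the article or from Google), here is a toy model of the two handshake styles the paragraph contrasts: a classic RSA-style exchange, where the recorded traffic plus the long-term key yields the session key, and an ephemeral Diffie-Hellman exchange, where it does not. The group parameters and the HMAC "signature" are stand-ins chosen for brevity and are not cryptographically sound.

```python
import hashlib
import hmac
import secrets

# Toy group: prime field modulo the Mersenne prime 2**521 - 1, generator 5.
# Chosen only so pow() runs instantly; it is NOT a sound DH group (its order
# is smooth). Real TLS uses standardised finite-field groups or ECDHE.
P, G, NBYTES = 2**521 - 1, 5, 66

def kdf(secret: bytes) -> bytes:
    """Session key = hash of the shared secret (stands in for the TLS PRF)."""
    return hashlib.sha256(secret).digest()

def keystream(long_term_key: bytes, nonce: bytes) -> bytes:
    """Toy stand-in for RSA encryption to the server's certificate key."""
    return hashlib.sha256(long_term_key + nonce).digest()

def rsa_style_handshake(long_term_key: bytes):
    """Classic TLS-RSA key exchange: client encrypts a premaster to the server."""
    premaster, nonce = secrets.token_bytes(32), secrets.token_bytes(16)
    ks = keystream(long_term_key, nonce)
    encrypted = bytes(x ^ y for x, y in zip(premaster, ks))
    transcript = {"nonce": nonce, "enc": encrypted}   # what a recorder sees
    return kdf(premaster), transcript

def dhe_handshake(long_term_key: bytes):
    """Ephemeral DH: fresh random exponents a, b; the long-term key only signs."""
    a = secrets.randbelow(P - 2) + 2        # client's ephemeral, never sent
    b = secrets.randbelow(P - 2) + 2        # server's ephemeral, never sent
    A, B = pow(G, a, P), pow(G, b, P)
    msg = A.to_bytes(NBYTES, "big") + B.to_bytes(NBYTES, "big")
    sig = hmac.new(long_term_key, msg, hashlib.sha256).digest()  # authenticates B
    client_key = kdf(pow(B, a, P).to_bytes(NBYTES, "big"))
    server_key = kdf(pow(A, b, P).to_bytes(NBYTES, "big"))
    assert client_key == server_key          # both sides agree on the session key
    return client_key, {"A": A, "B": B, "sig": sig}   # a and b are discarded

def retroactive_decrypt(transcript: dict, leaked_long_term_key: bytes):
    """Eavesdropper who recorded the handshake and later obtains the key.

    Returns the recovered session key, or None when the transcript holds
    nothing the long-term key can unlock.
    """
    if "enc" in transcript:   # RSA-style: the key decrypts the premaster
        ks = keystream(leaked_long_term_key, transcript["nonce"])
        return kdf(bytes(x ^ y for x, y in zip(transcript["enc"], ks)))
    # DHE: the key only re-verifies a signature; the session key needs an
    # ephemeral exponent that was discarded, i.e. solving a discrete log.
    return None
```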

Google's enthusiasm two years ago for Forward Secrecy makes a lot of sense considering all the revelations in the last several months about NSA monitoring of everyone and everything. One of the advantages that an agency like the NSA has is massive computing resources. They can afford to collect huge amounts of encrypted data on the chance that it later becomes worth the hard work necessary to decrypt some of it. Forward Secrecy makes it even harder for the NSA to do this.

In fact, having Forward Secrecy enabled for the last two years means that the 1024-bit keys that Google just stopped using weren't much of a problem. The same may be true of SHA-1 (one day when practical attacks against SHA-1 are developed).

Since the NSA blowup Microsoft has been under pressure (here's an example request) to implement Forward Secrecy on their own systems. I can find some references to it on their site (such as this one on MSDN), but it's not clear how far they are from actual implementation. I asked Microsoft and got this statement:

Recent disclosures make it clear we need to invest in protecting customers' information from a wide range of threats, which if the allegations are true, include governments. We are evaluating additional changes that may be beneficial to further protect our customers' data.

Whenever I write about all that Google does to protect its users I get snark-back about how they're digging through your private content in order to sell you things. Well, yeah. That's what you agree to in exchange for all those cool free services and the best protection of your data they can give against those with whom you have not agreed to trust your data. If the prospect of seeing an advertisement that has been tailored to your interests is that scary to you, take your business elsewhere.

But if you're a Google user you've benefited greatly from all the security work Google has done. In fact, even if you're not a Google user you have benefited from Google's security work.

  • owllnet, where are you

    we need some of your trademark google 'snark-back'
    • *Opens popcorn*

    • No need. It's all defeated by Google subsequently

      transmitting it all in the clear after decrypting it. How forward secure was that?
      Johnny Vegas
  • @Larry Seltzer: So true.

    I am in full agreement with you.

    When the data collection done by NSA (USA), GCHQ (UK), BND (Germany) and others are compared with that done by Google, Facebook etc., it is often overlooked that there is a difference between the things that people do voluntarily and those that are done to them without their consent and without a valid democratic mandate.

    Actually, it is the difference between theft and deal. The fact that the agencies and the governments do not understand this fundamental difference gives a clear indication of their intelligence and competence.
    • In fact

      it gives clear indication how "democratic" these governments are and the disconnect between claims and acts. Do not worry, they are competent enough to spy on your every move. They are intelligent enough to manage to delude so many people for so long.
  • Google also started encrypting traffic btwn datacenters back then

    Shouldn't forget that Google already had the plan in place to have full encryption for traffic crossing between data centers as well, and started enacting such encryption in 2011.
  • Security issues one of reasons BlackBerry remains best phone for profession

    Apple, Microsoft and Android "security" all remains suspect, and I am surprised an easy "hack" to the iPhone did not get more press. Still, do you want your lawyer or accountant using an iPhone? I don't. I would prefer they use solid, secure BlackBerry 10
    • Nonsense

      BlackBerry has always been the platform for spying on you. The only way to use their "secure" messaging service is to go via the BBM. That platform is designed specifically for sniffing on all your communications. In fact, in some countries the only way for BB to be permitted to sell their devices/services is to hand the government unrestricted access to these boxes. And they do.

      But, it is up to you to believe that BB is the most secure. Your Government wants you to and you are good citizen, aren't you?
  • Keep Toughing Out the Snarly Remarks

    Either they have an axe to grind vs Google or they don't know that privacy starts with security. No one would believe that g+ is about throwing a 2048 bit encryption around all the info you share with Google when you use Google services. Soon thanks to the EU Google will have to identify real people at Google who will be accountable (via log) for every access to your encrypted data. Every time your data is decrypted from wherever it is stored on the cloud the persons responsible and the reason for use will be logged. Privacy is giving you the keys and allowing you to specify the reasons Google can access your data without your keys.
  • Session keys

    However you generate the session keys (they never have anything to do with the SSL keys), you still have to communicate them between parties. This is done using the SSL keys. Not much ... secrecy here.
    Any normal SSL session can change the session keys from time to time -- this only protects from the same key being used for longer time periods (crypto attack), it does not protect from the third party obtaining the SSL keys, nor does it protect from MITM attacks which are very easy with the current SSL trust model.
    • Forward Secrecy

      I believe that PFS was invented specifically to protect against the SSL private key being stolen (they refer to it as the "long term key"). Though I do not know the technical specifics. Are you saying that is not true?
      • MiTM and SSL's EASY

        SSLstrip will easily perform an MiTM between a user and an https enabled site. To the user, you'd have to be extremely diligent and 'aware' of page changes to even know you're being hacked.

        To prevent the ease of MiTM with SSL, you have to also employ HSTS, something even our AffordableHealthcare website doesn't use. But that's another story entirely!
        John Al
  • curious?

    Google has a concern for security? If that's true, why is it that I can google all the military installations and up comes all the details the taliban would ever need!! I don't think we have four star generals who can publicise more than what google is doing. The only thing google is motivated to do is control what they perceive as their internet!!!
  • What scares me

    Tailored ads aren't what scare me. What scares me is the massive amount of user data Google has amassed on every computer-using individual in the world. And more to the point, what a tempting target that data is to outside interests with more nefarious motives than the generation of advertising revenue.

    Things like encryption and forward secrecy somewhat mitigate my Google paranoia, and someday, I'll have enough trust in their security to resume using their services. But right now, I view them as an adjunct of the NSA (an unwilling one, maybe, but what difference does that make?).

    There's way too much useful data to be gathered from people's health-related and political activities, group affiliations, etc. It's not the fear of having Google serve me ads relating to my liberal political leanings, it's the idea that someday, there'll be another Nixon.
  • "-take your business elsewhere"

    Yup! And that is what I did after reading Google's EULA. Bing may not be any better, but that's where I went, with Comodo Dragon as a browser. The only thing I miss is Google maps - but that is once in a blue moon.
  • incompatibility

    What I've found is I no longer use Chrome because Chrome will not allow me to access Google websites from search to email due to an SSL Certificate error. Chrome bugged out last month and I am re-learning how to use Firefox now. Unfortunately Firefox will not allow some frames to show up on Google sites, like blogger and blogspot, for instance. I may try Bing, though IQuick is a search engine I've used in the past and liked. I will likely have to get used to mapquest as well. I was comfortable with Chrome, it's a shame Google messed it up. I welcome a fix.
  • Wrong NIST reference

    Larry, you refer to NIST wanting to remove 1024-bit RSA by end of 2016, and your link is to NIST SP800-57. The date NIST recommends is the end of this month (so end of 2013), according to NIST SP800-131A (see It is Microsoft that is pushing end of 2016, if I recall correctly.