Yahoo finally enables HTTPS encryption for email by default

Yahoo webmail users will get a significant security benefit from the company enabling encryption by default, but a security expert asks where Yahoo's "perfect forward secrecy" is.
Written by Liam Tung, Contributing Writer

From today, Yahoo will begin encrypting all email connections by default, offering its users the same additional security that Google rolled out for Gmail in 2010.

Yahoo has now enabled Secure Sockets Layer (SSL) — denoted by 'HTTPS' in browsers' URL bar — encryption by default for its roughly 200 million Yahoo Mail users, meeting the 8 January deadline it announced last October.

The change means that Yahoo Mail users no longer need to manually configure their accounts to enable SSL encryption for mail. SSL encrypts communications between the browser and Yahoo's web servers and, through the server's certificate, is meant to assure the user that the site they are communicating with really is the one it claims to be.

"Anytime you use Yahoo Mail — whether it's on the web, mobile web, mobile apps, or via IMAP, POP or SMTP — it is 100 percent encrypted by default and protected with 2,048 bit certificates," Jeff Bonforte, Yahoo SVP of communication products, wrote in a company blog post.

While HTTPS by default is good news for Yahoo users, the implementation is weaker than the HTTPS deployments Facebook, Twitter and Google already had in place, according to Tod Beardsley, Metasploit engineering manager at Boston-based security firm Rapid7.

"Yahoo's announcement that it has enabled HTTPS encryption for all Yahoo Mail users is not only too little too late, but also quite troubling. It appears that Yahoo is not supporting PFS (Perfect Forward Secrecy)," Beardsley told ZDNet. 

PFS would prevent what is known as "retrospective decryption". Without it, the browser encrypts the session's secret to the server's long-term RSA key, so an attacker who has captured encrypted sessions today, but does not yet have the private key to unseal them, only has to wait. If in the future the attacker does acquire the private key, say by hacking Yahoo's servers or through a court order, they can decrypt every captured session.

The temporary nature of the keys that are generated under PFS also makes it a bigger hassle for an attacker if they do manage to capture a key, according to Beardsley.

"With PFS, another encrypted session happens before the HTTPS session starts, using temporary keys that aren't used for anything else. Even if an attacker got a hold of that temporary key, it's only good for that session and that session only. They'd have to recover a new, unique key for every session they decrypt."

Google, Facebook, and Twitter, on the other hand, employ Elliptic Curve Diffie-Hellman Ephemeral (ECDHE) key exchange, which generates a fresh one-time key for each session.
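The difference Beardsley describes, reduced to a runnable model. This is an added example, not Yahoo's code or anything from the article; it uses constructed toy parameters (a roughly 92-bit textbook RSA key, a 127-bit Diffie-Hellman group, a SHA-256 XOR keystream in place of a real cipher) and invented function names, and none of it is safe for real use. A wiretap records one session under each handshake; later the attacker obtains the server's long-term private key and tries both recordings:

```python
"""Toy model of 'retrospective decryption': RSA key transport versus ephemeral
Diffie-Hellman. Added illustration, not Yahoo's or anyone's real TLS code.
Everything here is constructed: textbook RSA with tiny Mersenne primes, a
small DH group, a SHA-256 XOR 'cipher'. None of it is safe for real use; the
function names (rsa_key_transport, ephemeral_dh, retrospective_attack, demo)
are invented for this example.
"""
import hashlib
import secrets
from typing import Dict, Optional, Tuple

# Long-term server key, standing in for the key behind the HTTPS certificate.
_P, _Q = 2**31 - 1, 2**61 - 1      # constructed toy primes, ~92-bit modulus
RSA_N = _P * _Q
RSA_E = 65537
RSA_D = pow(RSA_E, -1, (_P - 1) * (_Q - 1))

# Constructed toy DH group (real deployments use 2048-bit MODP or an EC group).
DH_P = 2**127 - 1
DH_G = 3


def kdf(secret: int) -> bytes:
    """Derive a 32-byte session key from a premaster/shared secret (toy KDF)."""
    return hashlib.sha256(secret.to_bytes(32, "big")).digest()


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR with a SHA-256 counter keystream (self-inverse)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        keystream = hashlib.sha256(key + off.to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], keystream))
    return bytes(out)


def _sign_digest(value: int) -> int:
    """Hash a DH public value down to an integer below RSA_N for the toy signature."""
    return int.from_bytes(hashlib.sha256(value.to_bytes(16, "big")).digest()[:11], "big")


def rsa_key_transport() -> Tuple[Dict[str, int], bytes]:
    """Pre-PFS handshake: the client encrypts a random premaster secret to the
    server's long-term RSA key. Returns (wiretap transcript, session key)."""
    premaster = secrets.randbelow(2**90) + 2
    ciphertext = pow(premaster, RSA_E, RSA_N)          # textbook RSA, no padding
    assert pow(ciphertext, RSA_D, RSA_N) == premaster  # server recovers it
    return {"premaster_ct": ciphertext}, kdf(premaster)


def ephemeral_dh() -> Tuple[Dict[str, int], bytes]:
    """PFS handshake: both sides pick one-time exponents; the server signs its
    public value with the long-term key so the client knows who it is talking
    to. The exponents a and b never leave this function."""
    a = secrets.randbelow(DH_P - 2) + 1
    b = secrets.randbelow(DH_P - 2) + 1
    A, B = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    signature = pow(_sign_digest(B), RSA_D, RSA_N)
    shared = pow(B, a, DH_P)
    assert shared == pow(A, b, DH_P)
    return {"A": A, "B": B, "sig": signature}, kdf(shared)


def verify_server_signature(transcript: Dict[str, int]) -> bool:
    """What the client (or the wiretap) can check with only the public key."""
    return pow(transcript["sig"], RSA_E, RSA_N) == _sign_digest(transcript["B"])


def retrospective_attack(transcript: Dict[str, int], ciphertext: bytes) -> Optional[bytes]:
    """The attacker recorded the session earlier and has now obtained RSA_D
    (server compromise, court order). Returns recovered plaintext, or None."""
    if "premaster_ct" in transcript:
        premaster = pow(transcript["premaster_ct"], RSA_D, RSA_N)
        return stream_xor(kdf(premaster), ciphertext)
    # Ephemeral DH: RSA_D only lets the attacker forge future signatures. The
    # recorded A and B yield the shared secret only via a discrete logarithm,
    # and the one-time exponents were never transmitted and no longer exist.
    return None


def demo(message: bytes = b"constructed: draft earnings memo") -> Dict[str, Optional[bytes]]:
    """Record one session under each handshake, then attack both later."""
    results = {}
    for name, handshake in (("rsa_key_transport", rsa_key_transport),
                            ("ephemeral_dh", ephemeral_dh)):
        transcript, session_key = handshake()
        recorded = stream_xor(session_key, message)                 # captured today
        results[name] = retrospective_attack(transcript, recorded)  # key obtained later
    return results


if __name__ == "__main__":
    for name, plaintext in demo().items():
        print(f"{name}: {'DECRYPTED ' + plaintext.decode() if plaintext else 'still secret'}")
```

Run it and the RSA-key-transport session comes back in plaintext while the ephemeral-DH session does not: the long-term key there only signs the handshake, so obtaining it later reveals nothing about past traffic. The practical check against a live server is whether it negotiates an ECDHE or DHE cipher suite, for example with `openssl s_client -connect host:443 -cipher ECDHE`; a handshake failure means no forward-secret suite is on offer.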

"I can't think of a legitimate reason to prefer this weaker encryption strategy," he said of Yahoo's implementation. 

Google enabled SSL by default for Gmail in 2010 and SSL by default in search for signed-in users in 2011, and now makes all searches SSL by default. In November it also completed its upgrade of all SSL certificates to 2048-bit RSA; the longer keys make the certificate's key harder to factor, although key length alone does nothing for forward secrecy.

Yahoo's plans to encrypt mail by default came after the first leaks from Edward Snowden, revealing the US National Security Agency (NSA) spy programs that targeted major US internet companies.

The NSA revelations have also prompted a broader response from Yahoo, which has since pledged to encrypt all data moving between the internet and its servers and all data moving between its datacentres, the latter in response to revelations of the NSA's 'Muscular' program, which exploited the unencrypted links between the datacentres of Yahoo and Google.
