http://www.theregister.co.uk/2011/11/22/google_perfect_secrecy/ By Dan Goodin in San Francisco The Register 22nd November 2011 Google engineers have enhanced the encryption offered in Gmail, Google Docs, and other services to protect users against retroactive attacks that allow hackers to decrypt communications months or years after they were sent. The feature, a type of key-establishment protocol known as forward secrecy, ensures that each online session is encrypted with a different public key and that corresponding private keys are never kept in long-term storage. That, in essence, means there's no master key that unlocks multiple sessions that may span months or years. Attackers who recover a key will be able to decrypt communications exchanged only during a single session. Google security guru Adam Langley said his team built the feature into Google's default SSL protection using a preferred cipher suite that's based on elliptic curve cryptography and the Diffie-Hellman key-exchange method. They have released their code as an addition to the OpenSSL library to reduce the work necessary for other websites to implement the protection. “We would very much like to see forward secrecy become the norm and hope that our deployment serves as a demonstration of the practicality of that vision,” Langley wrote in a blog post published on Tuesday. [...] _____________________________________________________ Subscribe to InfoSec News - www.infosecnews.org http://www.infosecnews.org/mailman/listinfo/isnReceived on Tue Nov 22 2011 - 23:32:55 PST
This archive was generated by hypermail 2.2.0 : Tue Nov 22 2011 - 23:34:37 PST