Information Security News mailing list archives

Google mail crypto tweak makes eavesdropping harder


From: InfoSec News <alerts () infosecnews org>
Date: Wed, 23 Nov 2011 01:32:55 -0600 (CST)

http://www.theregister.co.uk/2011/11/22/google_perfect_secrecy/

By Dan Goodin in San Francisco
The Register
22nd November 2011

Google engineers have enhanced the encryption offered in Gmail, Google Docs, and other services to protect users against retroactive attacks that allow hackers to decrypt communications months or years after they were sent.

The feature, a type of key-establishment protocol known as forward secrecy, ensures that each online session is encrypted with a different public key and that corresponding private keys are never kept in long-term storage. That, in essence, means there's no master key that unlocks multiple sessions that may span months or years. Attackers who recover a key will be able to decrypt communications exchanged only during a single session.

Google security guru Adam Langley said his team built the feature into Google's default SSL protection using a preferred cipher suite that's based on elliptic curve cryptography and the Diffie-Hellman key-exchange method. They have released their code as an addition to the OpenSSL library to reduce the work necessary for other websites to implement the protection.

“We would very much like to see forward secrecy become the norm and hope that our deployment serves as a demonstration of the practicality of that vision,” Langley wrote in a blog post published on Tuesday.

[...]

_____________________________________________________
Subscribe to InfoSec News - www.infosecnews.org
http://www.infosecnews.org/mailman/listinfo/isn
