
    Google Enables Forward Secret HTTPS for Google+, Search, Gmail

    By Clint Boulton - November 23, 2011

      Like Fox Mulder in the “X-Files,” Google (NASDAQ:GOOG) is fighting the future when it comes to securing email, search and other Web services.

      The search engine provider, which last month made HTTPS encryption its default security mode for search, Nov. 22 said it has added forward secret HTTPS for Google+, Gmail, SSL Search and Docs, paving the way for more secure Web services in the future.

      Most major sites that support HTTPS, such as Facebook and Twitter, do so in a non-forward secret fashion. What this means is that encrypted, normally unreadable email could be recorded while being delivered to a computer today and decrypted in the future by knowledgeable attackers, when computers become much faster.

      To combat what it calls “retrospective decryption,” Google is using forward secrecy, which requires that the private keys for a connection are not kept in persistent storage.

      So when an adversary breaks a single key, he or she will no longer be able to decrypt months’ worth of connections. Moreover, server operators themselves won’t be able to decrypt HTTPS sessions in the future.

      Google said forward secret HTTPS is now live for Gmail and many other Google HTTPS services such as SSL Search, Docs and Google+.

      Google’s Chrome and Mozilla’s Firefox Web browsers and Microsoft Internet Explorer (Vista or later) browsers support forward secrecy using ephemeral elliptic curve Diffie-Hellman (ECDHE), a key agreement protocol that allows two parties, each possessing an elliptic curve public-private key pair, to establish a shared secret over an insecure channel.

      Only Chrome and Firefox will initially use it by default with Google services because IE doesn’t support ECDHE together with the RC4 software stream cipher.

      Users can check whether they have forward secret connections in Chrome by clicking on the green padlock in the address bar of HTTPS sites. Google’s forward secret connections will have a key exchange mechanism of ECDHE_RSA.
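
The padlock check described above can also be scripted. This is an added example, not code from Google or from the article: it classifies a negotiated cipher suite name by its key exchange, and goes beyond the article's ECDHE_RSA case to cover static ECDH and TLS 1.3 names. The function names and the sample suite list are constructed for illustration.

```python
import socket
import ssl

# Key-exchange labels whose session secret comes from ephemeral (EC)DH keys.
# "TLS1.3" assumes a full handshake with an (EC)DHE key share (an assumption
# of this example); TLS 1.3 suite names do not show the key exchange at all.
FORWARD_SECRET = {"ECDHE", "DHE", "EDH", "TLS1.3"}

def key_exchange(suite):
    """Return the key-exchange label of an OpenSSL- or IANA-style suite name."""
    name = suite.upper().replace("_", "-")
    if name.startswith("TLS-"):
        if "-WITH-" not in name:
            return "TLS1.3"
        name = name[len("TLS-"):]
    first = name.split("-")[0]
    if first in ("ECDHE", "DHE", "EDH", "ADH", "AECDH", "PSK", "SRP"):
        return first
    if first in ("ECDH", "DH"):
        return "static " + first  # fixed DH keys: one letter away from ECDHE
    return "RSA"  # OpenSSL leaves the key exchange out of the name when it is RSA

def is_forward_secret(suite):
    """True only for authenticated ephemeral key exchange."""
    return key_exchange(suite) in FORWARD_SECRET

def audit(suites):
    """Map each suite name to (key exchange, forward secret?)."""
    return {s: (key_exchange(s), is_forward_secret(s)) for s in suites}

def check_host(host, port=443, timeout=5.0):
    """Connect to host and classify the suite that was actually negotiated."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            name, version, _bits = tls.cipher()
    return name, version, is_forward_secret(name)

# Constructed sample names, not captured from any real server.
CONSTRUCTED_SUITES = [
    "ECDHE-RSA-RC4-SHA",                  # the kind of suite the article describes
    "RC4-SHA",                            # RSA key exchange
    "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",  # static ECDH, easy to misread as ECDHE
    "TLS_AES_128_GCM_SHA256",             # TLS 1.3
]

if __name__ == "__main__":
    for suite, (kx, fs) in audit(CONSTRUCTED_SUITES).items():
        print(f"{suite:36} {kx:12} {'forward secret' if fs else 'NOT forward secret'}")
```

`check_host` needs network access and is not called by the sample run; the classifier also accepts the bare `ECDHE_RSA` label that Chrome displays.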

      Google Security team member Adam Langley also said Google has released the work that it did on the open-source OpenSSL library that led to forward secrecy HTTPS encryption.

      “We would very much like to see forward secrecy become the norm and hope that our deployment serves as a demonstration of the practicality of that vision,” added Langley, who provided more detail of Google’s security move on his personal blog.

      Google’s security team has been very active in trying to thwart some of the more mainstream attacks on its Web services.

      Google in April began work on two security projects to improve the public key infrastructure, which was rocked by the Comodo digital certificate spoofing incident in March.
      The Google Certificate Catalog is a database of all of the SSL certificates Google’s Web crawlers record in the DNS for the company’s search engine and Web services. The DANE Working Group at the IETF is intended to allow domain operators to publish information about SSL certificates used on their hosts.
