Google has this week announced via a blog post that it is enabling, forward secrecy by default on its Gmail service. Which will make sure that any emails you have written today will stay as safe in the future when faster and more powerful machines will become available that might be able to decrypt the security.
Google explains that initially, only Chrome and Firefox will use the new forward secrecy by default, when using Google services, as at the moment Microsoft’s Internet Explorer doesn’t support the combination of ECDHE and RC4. But Google do hope to be able to support Internet Explorer in the future.
Google explains:
“Most major sites supporting HTTPS operate in a non-forward secret fashion, which runs the risk of retrospective decryption. In other words, an encrypted, unreadable email could be recorded while being delivered to your computer today,” he wrote. “In ten years time, when computers are much faster, an adversary could break the server private key and retrospectively decrypt today’s email traffic.”
For reference Perfect Secrecy as explained on Wikipedia:
“Perfect forward secrecy (or PFS) is the property that ensures that a session key derived from a set of long-term public and private keys will not be compromised if one of the (long-term) private keys is compromised in the future”
For more information jump over to the Google Blog post.
0 comments