Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Starts Upgrading Its SSL Certificates To 2048-bit Keys

Posted by Soulskill on from the go-big-or-go-home dept.

An anonymous reader writes "Google today announced it has already started upgrading all of its SSL certificates to 2048-bit keys. The goal is to beef up the encryption on the connections made to its services. Google says the upgrade, which includes the root certificate that the company uses to sign all of its SSL certificates, will be completed 'in the next few months.' Previously, however, Google was more specific and said it was aiming to finish the process by the end of 2013."

21 of 118 comments (clear)

  1. Completely useless... by Anonymous Coward · · Score: 3, Informative

    If the NSA has the master key...

    1. Re:Completely useless... by telchine · · Score: 4, Funny

      It's called private key, you cretin. Now, go smoke some weed and don't bother the grown-ups will you?

      Let me draw you a picture...

      Me <---- (SSL) ----> Google ---- (SSL) ----> NSA

    2. Re:Completely useless... by Anonymous Coward · · Score: 2, Informative

      Actually...

      Me ----> (SSL) ----> Verisign ----> NSA ----> (SSL) ----> Google

    3. Re:Completely useless... by Penguinisto · · Score: 2

      Me NSA Google. isn't that why they call it MITM?

      Actually, it's AITM, or Agency In The Middle.

      But overall, the whole thread represents the wrong approach: If it's the SSL keys in TFA that are being borkified for NSA access, then the NSA would have to stick something between you and Google (and would have to host the SSL key itself, as well as the domain name), so you would be correct if that were the case.

      However? Not really sure that Google would want anyone else controlling their domain name/LBs/firewalls/etc, especially when it's easier for some governmental agency (e.g. the NSA) to simply latch onto Google's DB clusters. That way there's no need to compromise any keys.

      --
      Quo usque tandem abutere, Nimbus, patientia nostra?
    4. Re:Completely useless... by noh8rz10 · · Score: 5, Insightful

      I love how this is an article about how goog is increasing security, yet 95% of the posts are about NSA snooping. This is the flip side of the PRISM stuff - a company will never be able to prove that NSA is NOT snooping. Once the public loses faith, it will be really hard for a company to regain it. maybe this has already happened...

    5. Re:Completely useless... by Ash+Vince · · Score: 2

      I love how this is an article about how goog is increasing security, yet 95% of the posts are about NSA snooping. This is the flip side of the PRISM stuff - a company will never be able to prove that NSA is NOT snooping. Once the public loses faith, it will be really hard for a company to regain it. maybe this has already happened...

      Why should the company have to regain any trust anyway? The fact is the US government is currently mandating that they do all of this crap and issuing them with gag orders so Google can't tell anyone.

      The only way Google can get out of this is relocate their HQ to russia, exactly where the Brin family escaped from. Even if they did this it would probably be no better as Putin is not exactly Mr Privacy.

      The truth is that companies cannot do a damn thing providing congress and the supreme court keeps saying this stuff is all fine and dandy. The US Military and spy agencies calls the shots since 9 - 11. Sometimes I often wonder if they just sat back and watched it happen knowing it would strengthen their hand for decades.

      --
      I dont read /. to RTFA, I read /. to offend people in ignorance.
  2. Older PCs by MightyMait · · Score: 3, Insightful

    I wonder how this'll affect older PCs? Aren't SSL communications with larger keys more processor-intensive than when using a smaller key?

    --
    Nothing interesting to say...MUST...NOT...REPLY...ohtheheckwithit.
    1. Re:Older PCs by Anonymous Coward · · Score: 3, Funny

      If you really worry about SSL key lengths affecting your system performance. You probably should buy a new one.

    2. Re:Older PCs by tlhIngan · · Score: 5, Informative

      I wonder how this'll affect older PCs? Aren't SSL communications with larger keys more processor-intensive than when using a smaller key?

      Hardly anything, actually. The actual amount of encryption and decryption done using the RSA2048 key is quite small - really only about 128 to 256 bits or so.

      Public key encryption is horrendously slow, too slow for modern usage, so what happens is the bulk encryption is done via a symmetric cipher, typically AES these days (previously it was 3DES or DES). Of course, for symmetric ciphers to work, you need to share a key. So what happens is the client generates a key for AES, encrypts it with the RSA2048 public key, and sends it to the server. The server decrypts the key using its RSA2048 private key and then communications take place via AES and that shared key.

      The change from RSA1024 to RSA2048 should have minimal impact since it's only done on session setup while the actual communications use the far faster and more secure AES algorithm.

      (Yes, public key encryption is weaker - you need more bits for the key to have the same level of protection as a symmetric cipher using way less bits.).

  3. Key size not the flaw... by sabt-pestnu · · Score: 4, Insightful

    The largest risk isn't during transmission, it is at the user's end... and Google's end. 2 million bit encryption wouldn't be enough if you had a keylogger, or if google got served a National Security Letter that it decided to honor.

    1. Re:Key size not the flaw... by swillden · · Score: 2

      The root key is in an HSM, and can't be extracted. I think I can say that without compromising anything confidential.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  4. Not really. by Anonymous Coward · · Score: 5, Informative

    The initial connection setup will be more processor intensive (4x?) but the actual communications isn't done with public/private key encryption. The public/private keys are only used to verify the identity of the server and to exchange a symmetric (AES128 often) key. After the setup, the rest of the transfer will be no more complex and so shouldn't load your PC any more than before.

  5. Big deal. by magic+maverick+ · · Score: 3, Insightful

    I've been using 4096 bit keys for over two years. Now if only /. would get into the act (I don't want freaks and weirdos at where ever I use the 'net to know a. what stories I read. b. whether I'm logged in or not. c. if I'm logged in, what my user name and password are).

    Also, the moderators are all insufficiently like the "ideal" for their gender (whatever gender that is). E.g. the male identifying mods all have small penis'.

    --
    HELP MY ACCOUNT HAS BEEN HACKED BY AN ILLIBERAL ART STUDENT SET TO DESTROY THE INTERWEBZ!
    1. Re:Big deal. by slimjim8094 · · Score: 2

      Google uses ECDHE which makes their encryption dramatically more secure than the vast majority of others.

      --
      I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
  6. Re:Why is this news? by xatr0z · · Score: 2

    Yes, but unlike almost all other certificates and big websites Google uses elliptic curve diffie hellman, which means something like every user having their own key. That key also changes every day. So after breaking one they would only be able to intercept traffic form that user for 1 day.

    So google's certificates give much more security than other ones, even if they use 4096 bit keys.

  7. 2048 bytes? Pure blinkered American-centric bias.. by Dogtanian · · Score: 3, Funny

    The Yanks are so used to accessing Google on their bloated 2K TS-1000s, that they seem to have forgetten that those of us with the original British 1K ZX81 won't be able to access their website securely any more.

    I bet those tossers are so spoiled they have blackjack and hookers, and 16K rampacks on their servers. Hope someone wobbles them (*) and they lose all their data. Gits.

    (*) The rampacks, I mean. I've no idea what wobbling a hooker would do to your data.

    --
    "Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
  8. Re:WTF? by hawguy · · Score: 5, Insightful

    How the fuck is "by the end of 2013" more specific than "in the next few months"? First is a 5 month range, the second "generally" refers to a 2-4 month range. At worst there timeline response hasn't changed.

    "By the end of 2013" specifies an exact point in time at which the project will be done - Dec 31st, 2013, if they slip past that date, then they are late. However, "in the next few months" is very non specific, with no universally accepted definition of what it means and can depend on the range being considered -- If I have big bag of M&M's and someone asks me for a "few", they'd probably be disappointed if I gave them 2 - 4. Since "few" is so non-specific, they could stretch it out to 5 months and still claim they are within a "few".

  9. Yeah guys by Meshugga · · Score: 2

    until you disclose how much data *exactly* of how many users on average you're handing over to LEOs per request, I'ma not gonna trust you ever again.

  10. Re:Doesn't need to... by Anonymous Coward · · Score: 2, Interesting

    A 768-bit RSA key was factored in late 2009. 1024-bit should be trivial for the NSA, although not trivial in the sense that they don't need to be selective about their target.

    Just because there's no known algorithm to factor primes easily doesn't mean that there aren't practical optimizations to help improve performance. Most of the time when you hear that it takes "thousands of years" to factor a prime number, the speaker is only taking into consideration the most brain dead methods. Cryptographers are continually advancing the state-of-the-art. Clock-for-clock, we can factor primes much faster today than just a few years ago. And you can imagine that the NSA is probably far ahead of academia, if only because as an engineering problem they have vastly more experience in the domain. 10% here, 10% there, and before you know it you've improved runtime by 1x, 2x, 10x, etc.

  11. Re:So ECC missed the boat by TechyImmigrant · · Score: 2

    1) Over conservative corporate lawyers who think ECC is a no-go land
    2) Fear, uncertainty and doubt about whether certicom will come after you with their lawyers
    3) Suspicion by tin foil hat bearers that the NSA are promoting elliptic curve algorithms (in RFC6090) they know how to break
    4) Engineers who don't know how to avoid stepping on patented parts of elliptic curve cryptography implementations.
    5) Obsolete operating systems that don't understand ECC certs
    6) Anything else I haven't thought of

    --
    I should use this sig to advertise my book ISBN-13 : 978-1501515132.
  12. Re:Doesn't need to... by steveb3210 · · Score: 4, Funny

    Most of the time when you hear that it takes "thousands of years" to factor a prime number

    Really? I can factor most primes in my head.. Semiprimes would be a different story...