Google replaced the SSL certificates for its online services with new ones that use stronger, 2048-bit RSA keys, making encrypted connections to its sites safer against so-called brute-force attacks.
The company announced in May that it would increase the key length for its SSL certificates from 1024 bits to 2048 bits by the end of 2013.
"Coming in ahead of schedule, we have completed this process, which will allow the industry to start removing trust from weaker, 1024-bit keys next year," Google security engineer Dan Dulay said Monday in a blog post.
Until not long ago 1024-bit RSA keys were considered sufficiently strong because cracking them using brute force by systematically trying all possible combinations was viewed as impractical due to the computing power and time required. However, following the recent revelations about the mass data collection programs of the U.S. National Security Agency and its investments in groundbreaking cryptanalysis, that's no longer the case.
"After more revelations, and expert analysis, we still aren't precisely sure what crypto the NSA can break," Robert Graham, the CEO of security firm Errata Security, said in a blog post in September. "But everyone seems to agree that if anything, the NSA can break 1024 RSA/DH keys. Assuming no 'breakthroughs,' the NSA can spend $1 billion on custom chips that can break such a key in a few hours. We know the NSA builds custom chips, they've got fairly public deals with IBM foundries to build chips."
Increasing the key length for SSL certificates is not a new development, as many certificate authorities have stopped issuing new certificates with 1024-bit keys for a while. The Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates, a set of guidelines published by the Certification Authority/Browser (CAB) Forum, states that all newly issued certificates that have a validity period ending after Dec. 31, 2013, should have 2048-bit RSA keys.
According to a November scan done by the SSL Pulse project, 96 percent of the Internet's top 162,480 HTTPS-enabled sites already use SSL certificates with 2048-bit keys.
"The deprecation of 1024-bit RSA is an industry-wide effort that we're happy to support, particularly in light of concerns about overbroad government surveillance and other forms of unwanted intrusion," Dulay said.
Google didn't rush to increase the key length earlier because its SSL configuration has been using the elliptic curve, ephemeral Diffie--Hellman (ECDHE) key-agreement protocol by default since 2011. This protocol has a property known as perfect forward secrecy (PFS) that makes it hard to decrypt previously captured traffic if the server's private key is compromised.
During an SSL handshake, the client generates a key for encrypting the session traffic and sends it to the server after encrypting it with the server's public key, which is available in the server's SSL certificate. The server then decrypts the session key chosen by the client with its secret private key and starts using it. This is known as the key agreement, where the client and server agree on a shared key.
Sign up for CIO Asia eNewsletters.