Google Revamps Security in Gmail, Google+ and Docs for Future Readiness

Google, to prevent its current traffic from being decrypted in near future with technological advancement, has modified the method of encryption used by their HTTPS-enabled services that includes Gmail, Google+ and Docs.

Currently, most of the HTTPS implements use a private key that is known only by the owner of domain which generates session keys subsequently used for encryption of traffic between the servers and the clients of the servers. This process exposes the connections to the attack of so-called retrospective decryption.

To lessen this security risk Google implemented "an encryption property" also known as "forward secrecy" which includes using of different private keys for encryption of sessions and after a period of time they are deleted.

Adam Langley, member of Google's security team, said that, "In ten years time, when computers are much faster, an adversary could break the server private key and retrospectively decrypt today's email traffic," on the blog post of Google's Online Security Blog.

According to Langley, via this method the attackers who somehow manage to get or steal any single key will not be able to get a significant amount of email traffic related to months of activity over the internet.