Skip to main content

Google Revamps Security in Gmail, Google+ and Docs for Future Readiness

Google, to prevent its current traffic from being decrypted in near future with technological advancement, has modified the method of encryption used by their HTTPS-enabled services that includes Gmail, Google+ and Docs.

Currently, most of the HTTPS implements use a private key that is known only by the owner of domain which generates session keys subsequently used for encryption of traffic between the servers and the clients of the servers. This process exposes the connections to the attack of so-called retrospective decryption.

To lessen this security risk Google implemented "an encryption property" also known as "forward secrecy" which includes using of different private keys for encryption of sessions and after a period of time they are deleted.

Adam Langley, member of Google's security team, said that, "In ten years time, when computers are much faster, an adversary could break the server private key and retrospectively decrypt today's email traffic," on the blog post of Google's Online Security Blog (opens in new tab).

According to Langley, via this method the attackers who somehow manage to get or steal any single key will not be able to get a significant amount of email traffic related to months of activity over the internet.

Ravi Mandalia

Ravi Mandalla was ITProPortal's Sub Editor (and a contributing writer) for two years from 2011. Based in Ahmedabad, India, Ravi is now the owner and founder of Parity Media Pvt. Ltd., a news and media company, which specializes in online publishing, technology news and analysis, reviews, web site traffic growth, web site UI. Ravi lists his specialist subjects as: Enterprise, IT, Technology, Gadgets, Business, High Net Worth Individuals, Online Publishing, Advertising, Marketing, Social Media, News, Reviews, Audio, Video, and Multi-Media. He has also previously worked as Dy. Manager - IT Security at (n)Code Solutions.