Categories: Workspace

Google Doubling Strength Of SSL Keys For Privacy Boost

Google is upgrading all of its SSL certificates to 2048-bit keys by the end of 2013, which will make using its services more private.

The news came after Google’s chairman Eric Schmidt said the company has “a clear business incentive” to protect user privacy. It has been heavily criticised for allegedly doing the opposite in the past, with Microsoft hounding it in “Scroogled” marketing pushes noting how Google looks through people’s personal data for advertising purposes.

Yesterday evening, the tech titan said it would begin switching to the new 2048-bit certificates on 1 August, and its root certificate was included.

SSL certificates are used in a chain, designed to verify services delivered over HTTPS, with the root certificate having the final say on whether a service is trusted. By strengthening keys, Google is reducing the chance a hacker could crack them to snoop on communications.

Google SSL boost

There could be some technical issues for software makers hooking up to Google services, the firm admitted, but it has offered advice on its blog.

“Most client software won’t have any problems with either of these changes, but we know that some configurations will require some extra steps to avoid complications,” said Stephen McHenry, director of information security engineering.

“This is more often true of client software embedded in devices such as certain types of phones, printers, set-top boxes, gaming consoles, and cameras.

“For a smooth upgrade, client software that makes SSL connections to Google (e.g. HTTPS) must:

  • Perform normal validation of the certificate chain;

  • Include a properly extensive set of root certificates contained. We have an example set which should be sufficient for connecting to Google in our FAQ. (Note: the contents of this list may change over time, so clients should have a way to update themselves as changes occur);

  • Support Subject Alternative Names (SANs).”

SSL security has been in the spotlight repeatedly in recent times. Many are interested in how the UK government plans to crack SSL communications if it gets the go ahead with its Communications Data Bill, otherwise known as Snoopers’ Charter. The proposed law would give police greater and faster access to citizens’ comms information.

The deep packet inspection technology is available to look into SSL traffic, however. Blue Coat is building up a significant portfolio that can probe encrypted packets travelling over SSL, having just bought Solera Networks, which claims to provide something akin to a digital video recorder (DVR) for the network.

What do you know about Internet security? Find out with our quiz!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Recent Posts

OpenAI In Talks With California Over For-Profit Shift

OpenAI reportedly begins early talks with California attorney general over complex transition from nonprofit to…

36 mins ago

EU To Assess Apple’s iPad Compliance Plans

European Commission says it will review Apple's iPad compliance with DMA rules as it seeks…

1 hour ago

James Dyson Says ‘Spiteful’ Budget Will Kill Start-Ups

James Dyson delivers most high-profile criticism so far of Labour's first Budget that raises £40bn…

2 hours ago

Nvidia, Meta Ask Supreme Court To Axe Investor Lawsuits

Nvidia, Meta bring cases before US Supreme Court this month seeking tighter limits on investors'…

2 hours ago

Nvidia To Replace Intel On Dow Jones Industrial Average

Nvidia to replace Intel this week on Dow Jones Industrial Average after years of turmoil…

3 hours ago

Toyota-Backed Joby Flies ‘Air Taxi’ In Japan

Joby Aviation and Toyota Motor complete demonstration flight in Shizuoka as companies prepare to bring…

3 hours ago