Google is stepping up their security game in a big way for the second time this year: introducing a more secure browsing method known as forward secrecy in Gmail and a number of other Web-based services, according to a post on the GoogleOnlineSecurity blog.
In recent months, the Silicon Valley search giant addressed the immediate, implementing secure (HTTPS) browsing by default. Their latest move focuses on long-term data security, putting to rest almost any concerns that hackers could store encrypted communications then use improved technology in the future to crack it and view the contents.
“Forward secrecy requires that the private keys for a connection are not kept in persistent storage” explains Google Security Team member Adam Langley. “An adversary that breaks a single key will no longer be able to decrypt months’ worth of connections; in fact, not even the server operator will be able to retroactively decrypt HTTPS sessions.”
Sites operating in a non-forward secret fashion are vulnerable in that a malicious actor could record an email as it is delivered to your computer today. Then, years from now, that same person could harness increased computing power to break the server key and decrypt that message.
Among the services for which HTTPS forward secrecy is now live are Gmail, SSL Search, Docs, and Google+. Like in the case of default HTTPS adoption, the company is hopeful that others will follow their example, making forward secrecy the norm.