Google strengthens SSL security with 2048-bit keys
To improve the security of its SSL certificates, Google will gradually adopt 2048-bit encryption keys in place of 1024-bit ones.
After making encryption mandatory on its services following its troubles with the Chinese government, Google plans to strengthen the security of its SSL (Secure Sockets Layer) certificates. These certificates are used to encrypt traffic and to verify the identity of the parties involved. Their strength lies in the length of the private key used to sign the certificates.
Keys of less than 1024 bits are now considered weak, and the Mountain View company, which usually used that level of encryption, will move up to 2048 bits, writes Stephen McHenry, director of security engineering at Google, in a blog post. "We will begin the conversion to 2048-bit certificates from 1 August to make a careful and full deployment by the end of the year." He adds, "we will also change the root certificate that signs all our SSL certificates, since it includes a 1024-bit key."
McHenry said that most client software will not be affected by the change, but the software embedded in some phones, printers, set-top boxes, game consoles and cameras may have problems. He explained that devices connecting to Google over SSL will have to support normal validation of the certificate chain, as well as an updated, wide range of root certificates and Subject Alternative Names (SAN), which allow a single SSL certificate to validate multiple hosts.
SSL still has weaknesses
Google's approach is prudent, but SSL has a few weaknesses. Hundreds of organizations around the world, known as certificate authorities, can issue SSL certificates. These intermediary organizations have been targeted by hackers seeking stolen or fraudulent certificates. Google was the victim of such an attack in 2011 through the certificate authority DigiNotar. The hackers generated at least 500 fraudulent SSL certificates.
In 2009, security researcher Moxie Marlinspike created a tool called SSLstrip, which allows an attacker to intercept and strip an SSL connection. The attacker can then sniff all the data that the user sends to a fake site.