{"id":2352,"date":"2013-05-27T10:00:11","date_gmt":"2013-05-27T14:00:11","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=2352"},"modified":"2013-05-27T10:00:11","modified_gmt":"2013-05-27T14:00:11","slug":"google-plans-to-beef-up-its-ssl-encryption-keys","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2013\/05\/27\/google-plans-to-beef-up-its-ssl-encryption-keys\/","title":{"rendered":"Google plans to beef up its SSL encryption keys"},"content":{"rendered":"

\"\"<\/a><\/p>\n

Google plans to upgrade the security of its SSL (Secure Sockets Layer) certificates, an important component of secure communications.
\nSSL certificates are used to encrypt communication and verify the integrity of another party with which a user is interacting. Its strength lies in the length of the private signing keys used for the certificates.
\nKeys that are less than 1,024 bits are considered weak, and 512- and 768-bit keys have been factored to reveal a private key. Google has been using 1,024-bit keys, but will move to 2,048-bit keys, wrote Stephen McHenry, Google’s director of information security engineering, in a blog post Thursday.
\n“We will begin switching to the new 2048-bit certificates on August 1st, to ensure adequate time for a careful rollout before the end of the year,” he wrote. “We’re also going to change the root certificate that signs all of our SSL certificates because it has a 1024-bit key.”
\nMcHenry warned that most client software won’t have trouble with the change, but client software embedded in some phones, printers, set-top boxes, gaming consoles and cameras could have problems.
\nHe wrote that devices making SSL connections with Google will need to support normal validation of the certificate chain, maintain an extensive set of root certificates and support Subject Alternative Names (SANs), which allows one SSL certificate to validate several hosts.
\nGoogle’s move is prudent, but SSL still has other weak points.
\nHundreds of organizations around the world can issue SSL certificates that are tied back to a so-called Certificate Authority. These organizations, known as intermediates, have been targeted by hackers. Creating a fraudulent certificate SSL certificate can make it appear a person is visiting a legitimate website when in fact it is fraudulent.
\nGoogle was the victim of such an attack in 2011 after a Certificate Authority called DigiNotar was breached. Hackers generated at least 500 fraudulent SSL certificates, including one that was used in attempted man-in-the-middle attacks against Gmail users in Iran.
\nIn 2009, security researcher Moxie Marlinspike created a tool called SSLstrip, which allows an attacker to intercept and stop a SSL connection, although there is a fix that will block such an attack. Attackers using the tool can spy on whatever data is sent to a fake website.
\nvia Google plans to beef up its SSL encryption keys | PCWorld<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

Google plans to upgrade the security of its SSL (Secure Sockets Layer) certificates, an important component of secure communications. SSL […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[7,10],"tags":[325,424,1024],"class_list":["post-2352","post","type-post","status-publish","format-standard","hentry","category-security","category-technology","tag-encryption","tag-google","tag-ssl"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-BW","jetpack-related-posts":[{"id":6634,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/10\/15\/google-discovers-vulnerability-in-ssl-3-0-dubbed-poodle\/","url_meta":{"origin":2352,"position":0},"title":"Google discovers vulnerability in SSL 3.0 dubbed ‘Poodle’","author":"NCCT","date":"October 15, 2014","format":false,"excerpt":"Google has published details of a vulnerability in the design of SSL version 3.0. The attack, referred to as POODLE (Padding Oracle On Downgraded Legacy Encryption), allows the plaintext of secure connections to be calculated by a network attacker according to a Google blog post on the matter. Despite the\u2026","rel":"","context":"In "Security"","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":7112,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/12\/10\/researchers-say-poodle-can-be-repurposed-to-attack-tls-10-percent-of-the-servers-vulnerable\/","url_meta":{"origin":2352,"position":1},"title":"Researchers say Poodle can be repurposed to attack TLS, 10 percent of the servers vulnerable","author":"NCCT","date":"December 10, 2014","format":false,"excerpt":"A couple of months after researchers at Google uncovered POODLE (Padding Oracle On Downgraded Legacy Encryption), a vulnerability in a specific version of the SSL protocol, security firm Qualys has announced that the issue also affects implementations of the TLS protocol. Poodle allows attackers to compromise the secure connection between\u2026","rel":"","context":"In "Networking"","block_context":{"text":"Networking","link":"https:\/\/nccomputertech.com\/techtalk\/category\/networking\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":6118,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/08\/04\/is-your-dropcam-live-feed-being-watched-by-someone-else\/","url_meta":{"origin":2352,"position":2},"title":"Is your Dropcam live feed being watched by someone else?","author":"NCCT","date":"August 4, 2014","format":false,"excerpt":"Dropcam, the popular video monitoring camera, bills itself as \u201csuper simple security.\u201d But a pair of researchers plan to show at the Defcon hacking conference later this week how a Dropcam could be a weak point. Patrick Wardle and Colby Moore, both of whom work for security firm Synack, tore\u2026","rel":"","context":"In "Hardware"","block_context":{"text":"Hardware","link":"https:\/\/nccomputertech.com\/techtalk\/category\/hardware\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":7965,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/04\/02\/google-chrome-will-banish-chinese-certificate-authority-for-breach-of-trust-updated\/","url_meta":{"origin":2352,"position":3},"title":"Google Chrome will banish Chinese certificate authority for breach of trust [Updated]","author":"NCCT","date":"April 2, 2015","format":false,"excerpt":"Google's Chrome browser will stop trusting all digital certificates issued by the China Internet Network Information Center following a major trust breach last week that led to the issuance of unauthorized credentials for Gmail and several other Google domains. The move could have major consequences for huge numbers of Internet\u2026","rel":"","context":"In "Security"","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2015\/04\/handcuffs-640x301.jpg?resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2015\/04\/handcuffs-640x301.jpg?resize=350%2C200 1x, https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2015\/04\/handcuffs-640x301.jpg?resize=525%2C300 1.5x"},"classes":[]},{"id":5958,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/07\/10\/crypto-certificates-impersonating-google-and-yahoo-pose-threat-to-windows-users\/","url_meta":{"origin":2352,"position":4},"title":"Crypto certificates impersonating Google and Yahoo pose threat to Windows users","author":"NCCT","date":"July 10, 2014","format":false,"excerpt":"People using Internet Explorer and possibly other Windows applications could be at risk of attacks that abuse counterfeit encryption certificates recently discovered masquerading as legitimate credentials for Google, Yahoo, and possibly an unlimited number of other Internet properties. A blog post published Tuesday by Google security engineer Adam Langley said\u2026","rel":"","context":"In "Microsoft"","block_context":{"text":"Microsoft","link":"https:\/\/nccomputertech.com\/techtalk\/category\/microsoft\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2014\/07\/disguise-kit-640x728.jpg?resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2014\/07\/disguise-kit-640x728.jpg?resize=350%2C200 1x, https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2014\/07\/disguise-kit-640x728.jpg?resize=525%2C300 1.5x"},"classes":[]},{"id":6713,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/10\/28\/rogue-tor-exit-node-server-added-malware-to-legitimate-downloads\/","url_meta":{"origin":2352,"position":5},"title":"Rogue Tor ‘exit node’ server added malware to legitimate downloads","author":"NCCT","date":"October 28, 2014","format":false,"excerpt":"The Tor Project has flagged a server in Russia after a security researcher found it slipped in malware when users were downloading files. Tor is short for The Onion Router, which is software that offers users a greater degree of privacy when browsing the Internet by routing traffic through a\u2026","rel":"","context":"In "Security"","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/2352","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=2352"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/2352\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=2352"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=2352"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=2352"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}