Last year Google started to push the HTTPS protocol on many of their services which basically meant that users always connected to the https version of the site regardless of their own preference. Before that, https was only an option in a service's settings. Gmail users for instance were able to enable https for their account since 2008 which basically forced the use of https for that connection.
Https encrypts the traffic between the user's computer and the server. The core benefit here is that it protects the data from network snooping. That's handy if you are using a public computer, are in a computer network or do not want your ISP or your boss to find out what you are doing on a particular site that has https enabled.
Yesterday Google announced that they have enabled forward secrecy by default.
Most major sites supporting HTTPS operate in a non-forward secret fashion, which runs the risk of retrospective decryption. In other words, an encrypted, unreadable email could be recorded while being delivered to your computer today. In ten years time, when computers are much faster, an adversary could break the server private key and retrospectively decrypt today’s email traffic.
Forward secrecy requires that the private keys for a connection are not kept in persistent storage. An adversary that breaks a single key will no longer be able to decrypt months’ worth of connections; in fact, not even the server operator will be able to retroactively decrypt HTTPS sessions.
Perfect forward secrecy basically makes sure that attackers cannot use private keys that they have obtained in the future can not be used to compromise data that has been recorded in the past.
Forward secrecy has been enabled for Google Mail (Gmail) and other Google services that use the https including SSL search, Google Docs and Google+.
The only browsers currently supported are Google Chrome and Firefox on all platforms and Microsoft's Internet Explorer on Vista or later.
Google has also made available the work that they did on the open source OpenSSL library that made the implementation of forward secrecy possible. You can read the original announcement over at the Google Online Security blog.
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.