Google Enables 'Forward Secrecy (PFS)' by 'Default' for HTTPS Services

Google today announced of enabling "forward secrecy" by default -- or Perfect forward secrecy (or PFS) is the property that ensures that a session key derived from a set of long-term public and private keys will not be compromised if one of the (long-term) private keys is compromised in the future.Forward secrecy requires that the […]

Google today announced of enabling "forward secrecy" by default -- or Perfect forward secrecy (or PFS) is the property that ensures that a session key derived from a set of long-term public and private keys will not be compromised if one of the (long-term) private keys is compromised in the future.

Forward secrecy requires that the private keys for a connection are not kept in persistent storage. An adversary that breaks a single key will no longer be able to decrypt months' worth of connections; in fact, not even the server operator will be able to retroactively decrypt HTTPS sessions.

Adam Langley, of Google Security Team, notes "Forward secret HTTPS is now live for Gmail and many other Google HTTPS services, like SSL Search, Docs and Google+."

Adding "Chrome, Firefox and Internet Explorer (Vista or later) support forward secrecy using elliptic curve Diffie-Hellman. Initially, only Chrome and Firefox will use it by default with Google services because IE doesn't support the combination of ECDHE and RC4," revealed Langley.

Google HTTPS Perfect Forward Secrecy (PFS)

"We've also released the work that we did on the open source OpenSSL library that made this possible. You can check whether you have forward secret connections in Chrome by clicking on the green padlock in the address bar of HTTPS sites. Google's forward secret connections will have a key exchange mechanism of ECDHE_RSA," Langley added.

"Most major sites supporting HTTPS operate in a non-forward secret fashion, which runs the risk of retrospective decryption. In other words, an encrypted, unreadable email could be recorded while being delivered to your computer today. In ten years time, when computers are much faster, an adversary could break the server private key and retrospectively decrypt today's email traffic."

"Forward secrecy has been used as a synonym for perfect forward secrecy, since the term perfect has been controversial in this context. However, at least one reference distinguishes perfect forward secrecy from forward secrecy with the additional property that an agreed key will not be compromised even if agreed keys derived from the same long-term keying material in a subsequent run are compromised.

Perfect Forward Secrecy (PFS) refers to the notion that compromise of a single key will permit access to only data protected by a single key. For PFS to exist the key used to protect transmission of data MUST NOT be used to derive any additional keys, and if the key used to protect transmission of data was derived from some other keying material, that material MUST NOT be used to derive any more keys. [Wkipedia]"

Also, note that Google is ending support for the Safe Browsing protocol version 1 on December 1 in order to focus resources on the new version 2 API and the lookup service.