As attacks against cryptographic systems and the SSL infrastructure have advanced in recent years, experts have begun to fret about the future utility of the system. Companies that rely on the security of the SSL technology are beginning to take steps to address the issue, with the latest being Google, which is planning to change the length of the keys on all of its SSL certificates to 2048 bits.
SSL is the encryption system that’s used to secure Web transmissions betweens clients and servers. It’s used in a variety of applications, including online banking, shopping and other financial transactions. But it’s also used to secure connections for sensitive activities such as email, and Google offers SSL connections for most of its major online services. The company gives users the option of making SSL connections the default choice for Gmail, for example, and users also can connect to Google search over HTTPS.
To help ensure the future security of these services, Google plans to move from 1024-bit keys to 2048-bit keys by the end of 2013. The change in key length makes it much harder for an attacker to use known methods to break the key. As part of the change, Google is trying to make users aware of some potential software conflicts that may occur as a result of the longer key length.
“We will begin switching to the new 2048-bit certificates on August 1st, to ensure adequate time for a careful rollout before the end of the year. We’re also going to change the root certificate that signs all of our SSL certificates because it has a 1024-bit key,” Stephen McHenry, Director of Information Security Engineering at Google, wrote in a blog post.
“Most client software won’t have any problems with either of these changes, but we know that some configurations will require some extra steps to avoid complications.”
Specifically, McHenry said that clients must have the ability to support the normal validation of a certificate chain, along with including a properly extensive set of root certificates. There are a number of things that could cause certificate validation issues after the change, McHenry said, including clients that use hashes to match certificates exactly. Also, clients with hard-coded root certificates, such as those with certificates embedded in firmware, may run into problems.
In recent years there have been a number of attacks against both SSL implementations and the certificate authority infrastructure itself. Most of these attacks, including the BEAST attack and CRIME attack and the compromises at CAs such as DigiNotar, have been on the implementation of SSL/TLS or on the CAs that sell certificates. Attacks on the protocol itself haven’t been as common, mainly because it’s much easier to find vulnerabilities in implementations or clients. Google’s move to lengthen the keys on its SSL certificates will make it even more difficult for attackers to break the keys and impersonate a valid Google SSL certificate.