Google implements "forward secrecy" in its encrypted traffic, releases improvements to SSL library for all to use

Google has changed its procedures to enable "forward secrecy" by default on all its search-traffic. This means that part of the key needed to decrypt the traffic is never stored, so that in the event that there is a security breach at Google, older, intercepted traffic can't be descrambled. It's the absolute best practice for secure communications, and Google is to be commended for adopting it.

Other web sites have implemented HTTPS with forward secrecy before — we have it enabled by default on — but it hasn’t yet been rolled out on a site of Google’s scale. Some sites have publicly resisted implementing forward secrecy because it is more CPU intensive than standard HTTP or HTTPS. In order to address that problem, Google made improvements to the open source OpenSSL library, and has incorporated those changes into the library for anybody to use.

Forward secrecy is an important step forward for web privacy, and we encourage sites, big and small, to follow Google’s lead in enabling it!

Long Term Privacy with Forward Secrecy



  1. You know what would REALLY impress me?  Some kind of ability to share articles on Google Reader.  What an incredible leap forward that would be!  #SourGrapes

  2. Seems to me that if someone breaks into Google, the goal is to get actual search data and not merely a private key to decrypt previously-snooped packets.  But still, this is a good step forward.

  3. So if the advantage of “forward secrecy” is that stored encrypted messages can never be decrypted later, this raises a question: why would a server ever bother to store an encrypted message that it can’t decrypt?

    If you don’t waste resources storing indecipherable information, it’s not only more efficient but also more secure against future singularity-era technologies that could break the encryption.  It’s not at all clear to me why a server would bother with the storage in the first place.

  4. I sad that everyone misses the key point here. Google is in the business of saving data for future use, including sales to governments. US government competes on save traffic by sniffing the traffic, something they are loath to admit (AT&T tapping in San Francisco springs to mind?). Since Google will retain the plaintext for traffic that they are party to (eg Gmail), this new scheme means that they will be the monopoly on that traffic data when it is desired by government later on. The NSA won’t have a copy. Google will able to sell it. And because government wants the data, but doesn’t want to disclose the extent of the privacy invasions, they are less likely to damage Google’s business model because they need the relationship.

  5. Forgive me, but aren’t Google still storing the originating IP for each search query?  

    So: yes, this is good, but it doesn’t mean make them anywhere near perfect…

  6. That’s nice. Meanwhile, they still do not support HTTPS for AdSense, forcing everyone using Google ads to leave their pages insecurely available via HTTP.

Comments are closed.