Google set to upgrade its SSL certs
Posted on 24 May 2013.
As a fine example of proactive security, Google has announced that it will be upgrading its SSL certificates to 2048-bit keys by the end of 2013.

"We will begin switching to the new 2048-bit certificates on August 1st, to ensure adequate time for a careful rollout before the end of the year," shared in a blog post Stephen McHenry, Director of Information Security Engineering at Google. "We’re also going to change the root certificate that signs all of our SSL certificates because it has a 1024-bit key."

It's interesting to note that in 2005, the National Institute of Standards and Technology (NIST) expected that digital signature algorithms using 1024-bit keys, would either be broken or be in serious danger of being broken by 2010, but that didn't happen. In fact, adjusted predictions now point out to 2017 or 2018 as the year when that is expected to occur.

Nevertheless, NIST has decreed that “after December 31, 2013, key lengths providing less than 112 bits of security strength shall not be used to generate digital signatures," and that means 1024-bit keys as well.

2048-bit key transport schemes have a security strength of 112 bits, and Google is to be praised for taking NIST's recommendations into consideration and executing the change in due time.

Google has pointed out some of the problems that the change may produce, and has offered a FAQ addressing certificate changes, as well as instructions for app developers on how to adapt them to certificate changes.


Critical bug found in Cisco ASA products, attackers are scanning for affected devices

Several Cisco ASA products - appliances, firewalls, switches, routers, and security modules - have been found sporting a flaw that can ultimately lead to remote code execution by attackers.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Feb 12th