Google Starts Upgrading Its SSL Certificates To 2048-bit Keys 118
An anonymous reader writes "Google today announced it has already started upgrading all of its SSL certificates to 2048-bit keys. The goal is to beef up the encryption on the connections made to its services. Google says the upgrade, which includes the root certificate that the company uses to sign all of its SSL certificates, will be completed 'in the next few months.' Previously, however, Google was more specific and said it was aiming to finish the process by the end of 2013."
Older PCs (Score:4, Insightful)
Key size not the flaw... (Score:5, Insightful)
The largest risk isn't during transmission, it is at the user's end... and Google's end. 2 million bit encryption wouldn't be enough if you had a keylogger, or if google got served a National Security Letter that it decided to honor.
WTF? (Score:2, Insightful)
Big deal. (Score:4, Insightful)
I've been using 4096 bit keys for over two years. Now if only /. would get into the act (I don't want freaks and weirdos at where ever I use the 'net to know a. what stories I read. b. whether I'm logged in or not. c. if I'm logged in, what my user name and password are).
Also, the moderators are all insufficiently like the "ideal" for their gender (whatever gender that is). E.g. the male identifying mods all have small penis'.
Re:and passing them to the NSA (Score:2, Insightful)
Not really. There are good reasons to encrypt, you just have to understand them.
The main thing you need to realize is that encrypting something only delays the disclosure of the data. It may take a LONG time to try all the available keys, but eventually a brute force attack will be successful. Of course, if it's going to average 100 years of effort, it may not be worth it to the attacker, or it may not matter what you bank account balance was by then.
Re:WTF? (Score:5, Insightful)
How the fuck is "by the end of 2013" more specific than "in the next few months"? First is a 5 month range, the second "generally" refers to a 2-4 month range. At worst there timeline response hasn't changed.
"By the end of 2013" specifies an exact point in time at which the project will be done - Dec 31st, 2013, if they slip past that date, then they are late. However, "in the next few months" is very non specific, with no universally accepted definition of what it means and can depend on the range being considered -- If I have big bag of M&M's and someone asks me for a "few", they'd probably be disappointed if I gave them 2 - 4. Since "few" is so non-specific, they could stretch it out to 5 months and still claim they are within a "few".
Re:Completely useless... (Score:5, Insightful)