Finishing ahead of its self-imposed year-end deadline, Google‘s security engineer Dan Dulay announced that the tech giant has successfully upgraded all its SSL certificates to the longer 2048-bit RSA. In the meantime, Yahoo is also stepping up its security game and plans to encrypt both internal and user data starting in the first quarter of 2014.
Security and privacy have always been within the interests of geeks, especially system administrators. Lately, however, it has entered into the awareness of the general public due to recent events and revelations, particularly those involving the US government and even some of its close allies. The privacy of data that travels over the Internet has become a rising concern, but laymen are left helpless but to either switch to different providers or to rely on industry giants to harden their security infrastructure and practices.
For its part, Google has sought to strengthen its SSL certificates by switching from 1024-bit to 2048-bit RSA keys. Doubling the key length will, hopefully, make it much harder to crack the encryption of sensitive data such as banking transactions, email, and others. The company announced in May that it has started the migration and expects to finish by the end of the year. It seems that Google has managed to finish earlier and will now start the next phase, that of issuing 2048-bit certificates for its websites and online services.
Yahoo is taking a similar road by moving to 2048-bit RSA as well. It was recently reported that Yahoo Mail encryption via SSL will be coming by January 8 next year. Now Yahoo CEO Marissa Mayer is announcing that the company will be taking further steps, encrypting all information that is exchanged internally between their data servers as well as giving users the option to encrypt data they send or receive from Yahoo. This are all scheduled to take place by early 2014.
Both Google and Yahoo have recently been reported to have been victims of the NSA who tapped into data connections located outside the country. Naturally, all entities denied being actively involved or complicit in any such activities.
VIA: SlashGear, Threatpost
