Google is changing the length of its encryption keys from 1,024-bit to 2,048-bit, including the root certificates that sign all SSL certificates. What are the practical effects of such a switch from a security perspective, including how enterprises can plan for the switch?
Ask the Expert
SearchSecurity expert Michael Cobb is standing by to answer your questions about enterprise application security and platform security. Submit your question via email. (All questions are anonymous.)
The Certificate Authority/Browser Forum requires all certificate authorities (CAs) to start issuing certificates with a minimum 2,048-bit length by Jan. 1, 2014, and leading browser vendors will require websites to use 2,048-bit keys by the end of 2013.
Many websites have already upgraded their certificates, but because Google services are so ubiquitous, the search giant is flagging its changes to ensure a smooth migration. While most users will not notice anything different (client software like browsers will automatically update to accept the new certificates), some software and hardware -- such as games consoles, phones and cameras -- that rely on hard-coded lists of root certificates will not update automatically.
Enterprises using software built in-house that makes SSL connections to Google, must check to see if it relies on hard-coded SSL trust lists and should plan to update the lists, or better still, build SSL certificate flexibility into the software. Google has produced a frequently asked question (FAQ) page covering issues with the changes they are making along with examples of workarounds.
Although it's estimated that a 1,024-bit RSA key won't be broken within the next five years (768 bits is the largest RSA key known to have been cracked), it's only considered equivalent to 80 bits of security. Starting at the end of 2013, the U.S. National Institute of Standards and Technology (NIST) will not allow security strengths below 112 to be used within the federal government; those of 112 bits and above will be valid until the end of 2030.
While doubling key strength delivers an exponential increase in protection -- encryption strength is directly tied to key size -- the computational power required to process 2,048-bit certificates is five to 30 times greater than that for 1,024-bit certificates. Enterprises that operate high-volume sites and services need to ensure their infrastructure can handle larger key sizes. To avoid significant performance degradation, one potential option is to offload SSL processing to high-performance application delivery controllers (ADCs). These dedicated network devices include hardware-based SSL acceleration capable of handling far more SSL transactions per second than a general-purpose server.
Google began switching to the new 2,048-bit certificates on Aug. 1, and all certificates will be upgraded by the end of 2013. This includes the root certificate used to sign its SSL certificates, as it only has a 1,024-bit key.
Barring an unforeseen breakthrough in quantum computing, it should be some years before another upgrade is required.
This was first published in October 2013