Internet users have spent the last week changing their passwords and checking their online accounts for potential hacks resulting from Heartbleed, a bug in OpenSSL, the open-source security library behind roughly two-thirds of the Web's servers, that left every unpatched site exposed to attack.
Heartbleed has caused security nightmares for dozens of websites, especially since some companies initially judged it impossible to extract a server's private certificate key through the bug. That assessment was quickly debunked when researchers recovered the key from a deliberately vulnerable test server, and the bug's practical impact was made plain when roughly 900 Canadians had their taxpayer data stolen over a six-hour period after it was publicly announced.
There is a silver lining to the madness, however: if a website's key exchange provides perfect forward secrecy, an attacker who later obtains the server's private key still cannot retroactively decrypt sessions they recorded earlier. (Forward secrecy is not a cure for Heartbleed itself: the bug leaks whatever happens to be in the server's memory, which can include live session keys and user data. What it limits is the damage a stolen long-term key can do to past traffic.)
What’s Wrong With HTTPS?
First, let’s get to know HTTPS, the connection that protects your data on most secure websites.
When you’re on a secure website using traditional HTTPS encryption, your username, password, and all other personal communications are supposed to be safe from being intercepted and decrypted by hackers (or the NSA). OpenSSL is the library most websites rely on to deliver that secure connection, locking down the data sent between the browser and the server.
Normally, when a browser connects to a site that uses the traditional RSA key exchange, the browser generates a fresh secret for that session, encrypts it with the public key in the site's certificate, and sends it to the server. Only the holder of the matching private key can unwrap that secret and derive the session keys, which is what keeps your data private. But the same long-term private key unwraps the session secrets of millions of sessions, not just yours. By exploiting Heartbleed, an attacker could read that private key out of the server's memory and then recover the session key of any handshake they hold a copy of.
That’s not all: the damage is retroactive. Anyone who has been recording a site's HTTPS traffic, for whatever reason, can use a private key exposed by Heartbleed to decrypt every recorded session, going back to the day that key was first put into service.
Why Does Forward Secrecy Matter?
Now we know why conventional HTTPS with RSA key exchange does nothing to contain the damage once a key leaks. So what can websites do about it?
Perfect forward secrecy is a property of the key exchange that prevents anyone from “unlocking” your past sessions, even if they get their hands on the server’s private key. With forward secrecy, the browser and server agree on a fresh, temporary key for each connection through an ephemeral Diffie-Hellman exchange, instead of wrapping the session secret with the server's long-term key. The long-term key only signs the exchange to prove the server's identity; it never protects the session secret itself. Both sides discard their temporary values once the handshake is done, so nothing remains that would let a later holder of the private key decrypt the recording.
“Forward secrecy gives you client and server that use a different method for agreeing on a session key,” said Timo Hirvonen, senior researcher at security firm F-Secure. “The main point there is the key that is used for decrypting that session is a short-lived key used only for that session.”
If we compare security to messaging apps, forward secrecy would be similar to Snapchat: once the session is over, its key disappears. Websites that had enabled forward secrecy before Heartbleed denied attackers who grabbed the private key the ability to decrypt any sessions they had previously recorded.
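To make the difference concrete, here is an added example that is not from the article or from F-Secure: two toy handshakes in Python. The first combines the browser's share with the server's long-term key, which has the same recoverability property as the RSA key exchange described under “What’s Wrong With HTTPS?”; the second uses fresh shares on both sides, as forward secrecy requires. An eavesdropper records each handshake, later steals the server's long-term private key (the Heartbleed scenario), and tries to decrypt the recording. X25519 is implemented from RFC 7748 using only the standard library; the key schedule and record encryption are simplified stand-ins for TLS's own, and the sample record is constructed.

```python
# Added example, not the article's code: toy TLS-style handshakes showing why a
# leaked long-term key exposes recorded sessions under "static" key exchange (the
# stand-in here for RSA key transport) but not under ephemeral Diffie-Hellman.
# X25519 follows RFC 7748; key schedule and record encryption are deliberate toys.
import hashlib, hmac, secrets

P = 2**255 - 19
A24 = 121665
BASEPOINT = (9).to_bytes(32, "little")

def x25519(scalar: bytes, u: bytes) -> bytes:
    """Montgomery ladder from RFC 7748, section 5: scalar * u."""
    k = bytearray(scalar)
    k[0] &= 248; k[31] &= 127; k[31] |= 64          # clamp the scalar
    k = int.from_bytes(k, "little")
    x1 = (int.from_bytes(u, "little") & ((1 << 255) - 1)) % P
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def keypair():
    priv = secrets.token_bytes(32)
    return priv, x25519(priv, BASEPOINT)

def derive_key(shared: bytes, transcript: bytes) -> bytes:
    # Simplified key schedule binding the shared secret to the public values
    # both sides saw (TLS uses its PRF/HKDF here).
    return hmac.new(shared, transcript, hashlib.sha256).digest()

def _keystream(key: bytes, n: int) -> bytes:
    blocks = [hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range((n + 31) // 32)]
    return b"".join(blocks)[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Toy encrypt-then-MAC record, standing in for the TLS record layer."""
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(key, len(plaintext))))
    return ct + hmac.new(key, ct, hashlib.sha256).digest()

def open_record(key: bytes, sealed: bytes):
    """Plaintext if the key is right, None if the tag does not verify."""
    ct, tag = sealed[:-32], sealed[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        return None
    return bytes(c ^ s for c, s in zip(ct, _keystream(key, len(ct))))

def handshake_static(server_lt_pub: bytes):
    """No forward secrecy: the client's share meets the server's LONG-TERM key, as
    in RSA key transport. Server side: x25519(server_lt_priv, client_pub)."""
    c_priv, c_pub = keypair()
    transcript = c_pub + server_lt_pub            # what an eavesdropper can record
    return derive_key(x25519(c_priv, server_lt_pub), transcript), transcript

def handshake_ephemeral():
    """Forward secrecy: both sides use one-time shares. In TLS the long-term key
    only *signs* s_pub; omitted here since it adds nothing an eavesdropper can use."""
    c_priv, c_pub = keypair()
    s_priv, s_pub = keypair()
    transcript = c_pub + s_pub
    key = derive_key(x25519(c_priv, s_pub), transcript)
    del c_priv, s_priv                            # ephemeral secrets are destroyed
    return key, transcript

def attacker_key(stolen_lt_priv: bytes, transcript: bytes) -> bytes:
    """Heartbleed scenario: a recording of the handshake plus the server's
    long-term private key, obtained later. This is all they can derive."""
    return derive_key(x25519(stolen_lt_priv, transcript[:32]), transcript)

def demo():
    """Record one session under each handshake, leak the long-term key, and
    return what the attacker decrypts: the plaintext, or None."""
    lt_priv, lt_pub = keypair()                   # the server's certificate key
    secret = b"user=alice&password=hunter2"       # constructed sample record
    sessions = (("static",) + handshake_static(lt_pub), ("ephemeral",) + handshake_ephemeral())
    return {mode: open_record(attacker_key(lt_priv, transcript), seal(key, secret))
            for mode, key, transcript in sessions}

def rfc7748_vectors_ok() -> bool:
    """Check the ladder against the RFC 7748 section 6.1 test vectors."""
    a = bytes.fromhex("77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a")
    b = bytes.fromhex("5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb")
    k = bytes.fromhex("4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742")
    return x25519(a, x25519(b, BASEPOINT)) == k == x25519(b, x25519(a, BASEPOINT))

if __name__ == "__main__":
    print(demo())   # the static session is recovered; the ephemeral one is not
```

Running `demo()` returns the recovered plaintext for the static handshake and `None` for the ephemeral one. The attacker holds the same stolen key and the same recording in both cases; the only difference is whether that key ever protected the session secret.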
But it’s not just software vulnerabilities users have to worry about. Documents released by Edward Snowden reveal the National Security Agency vacuums up troves of encrypted data in the hope of one day being able to decrypt it, for instance by obtaining a server's private key later. Forward secrecy blunts that strategy: the recorded traffic stays unreadable even if the key is obtained years afterwards, although it does nothing against an adversary who compromises the server, or the user's device, while a session is live. That fear no doubt pushed companies to rethink their encryption methods. (The NSA reportedly knew about Heartbleed before it was made public, a claim the agency flatly denies.)
Who Uses Forward Secrecy?
Forward secrecy is over 20 years old, but most websites don’t implement it. According to SSL Labs, over half of the most popular websites on the Web don’t support it, and just 42% of popular websites have some forward-secrecy cipher suites enabled. Having a suite enabled is not the same as using it, either: the server also has to prefer those suites over RSA key exchange when a browser offers both.
Google, ever a pioneer in securing user information, turned forward secrecy on by default across Gmail, Search and its other HTTPS services in November 2011. The company contributed the code it had written back to OpenSSL in the hope that other companies would follow suit.
Unfortunately, it took two more years for other tech giants to get on board.
In mid-to-late 2013, Facebook, Microsoft, and Twitter began expanding security to include forward secrecy, and earlier this year (just one week before Heartbleed was made public), Yahoo announced it would implement forward secrecy across many of its properties. Apparently it didn’t move quickly enough: Yahoo Mail was one of the biggest services affected by Heartbleed.
One of the main reasons websites don’t use forward secrecy, according to Hirvonen, is the performance penalty: on every new connection the server has to do extra public-key math to agree on the ephemeral key, on top of the RSA operation it already performs, so it consumes more CPU than plain RSA key exchange.
Network engineer Vincent Bernat notes that forward secrecy can use up to 30% more CPU than traditional HTTPS security. The cost depends heavily on the variant, though: classic Diffie-Hellman (DHE) is far more expensive than its elliptic-curve form (ECDHE), which is why ECDHE is what most sites that enable forward secrecy actually deploy.
“Configuration shouldn’t be that difficult,” Hirvonen said. “It’s more about the CPU resources, hardware requirements, and the impact on performance.”
It also takes someone who knows how to configure a web server's TLS settings to deploy forward secrecy. Assuming you have the desire and skill to implement it, you configure the server to prefer the ECDHE (and, if needed, DHE) cipher suites by putting them at the top of its cipher list and telling it to honor its own order rather than the browser's. Help Net Security has published a tutorial.
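A quick way to audit the cipher string you end up with, as an added example that is not from the article or from the Help Net Security tutorial: the Python script below asks the OpenSSL build linked into the standard `ssl` module to expand a cipher string exactly as a server would (much like `openssl ciphers -v`) and lists every suite whose key exchange lacks forward secrecy. The sample strings are constructed; the field names it reads come from `ssl.SSLContext.get_ciphers()`.

```python
# Added example (not from the article or the Help Net Security tutorial): audit an
# OpenSSL cipher string for suites whose key exchange lacks forward secrecy. It
# relies on the standard-library ssl module and the OpenSSL build it links to.
import ssl

# Key-exchange identifiers OpenSSL reports for ephemeral (EC)DH suites. TLS 1.3
# suites report "kx-any"; their key exchange is always ephemeral (EC)DH.
FORWARD_SECRET_KX = {"kx-ecdhe", "kx-dhe", "kx-ecdhe-psk", "kx-dhe-psk", "kx-any"}

def _kx(cipher: dict) -> str:
    kx = cipher.get("kea")
    if kx is None:   # builds without the 'kea' field: parse "Kx=..." from the description
        kx = "kx-" + cipher["description"].split("Kx=")[1].split()[0].lower()
    # Descriptions print "Kx=ECDH"/"Kx=DH" for the ephemeral suites of OpenSSL 1.1+.
    return {"kx-ecdh": "kx-ecdhe", "kx-dh": "kx-dhe"}.get(kx, kx)

def expand(cipher_string: str):
    """Expand a cipher string the way the server will, in its preference order,
    returning (suite name, key exchange) pairs."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)          # raises ssl.SSLError if nothing matches
    return [(c["name"], _kx(c)) for c in ctx.get_ciphers()]

def non_forward_secret(cipher_string: str):
    """Suites a stolen server key would let an eavesdropper decrypt after the fact."""
    return [name for name, kx in expand(cipher_string) if kx not in FORWARD_SECRET_KX]

def forward_secret_only(cipher_string: str) -> bool:
    return not non_forward_secret(cipher_string)

if __name__ == "__main__":
    for s in ("ECDHE+AESGCM:DHE+AESGCM", "ECDHE+AESGCM:AES128-GCM-SHA256", "DEFAULT"):
        print(f"{s!r}: non-forward-secret suites -> {non_forward_secret(s)}")
```

The second sample string is the common mistake: ECDHE suites are enabled and even listed first, but the plain RSA suite `AES128-GCM-SHA256` is still there, so a browser that offers only RSA key exchange (or a server that lets the browser pick the order) still ends up with a session a stolen key can unlock later. Run it against your server's actual cipher string and against `DEFAULT` to see what the library ships with.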
Heartbleed reminded us all that our secure data is never as secure as we think it is on the Internet, and it will still be a while before the mess created by Heartbleed is entirely cleaned up.
As we’ve learned, however, there are some simple but significant steps that can improve how users are protected, and most of the big tech companies are leading the charge. Hopefully Heartbleed can act as a catalyst to prompt more websites to adopt forward secrecy and make the Web, and our data, safer from harm.
Lead image courtesy of Alonis on Flickr