In recent weeks there has been some discussion in news outlets about SSL/TLS, which is used by many websites to encrypt the data being transferred between web servers and web browsers.
Since it’s theoretically possible for outsiders to break such encryption, an increasing number of people are requesting improved encryption methods.
What is SSL/TLS?
SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are cryptographic methods used to secure communication on the Internet. By using pairs of private and public keys, the web server and the client can securely encrypt and decrypt the data being transferred between two parties.
When a web browser connects to a website protected with SSL or TLS (indicated by a padlock icon in the browser) it receives the public key from the server, which is then used to encrypt the subsequent communication. The data can only be decrypted using the private key, which resides on the server.
The problem with keys
However, if someone was able to break in and copy the private key from a server, they would theoretically be able to decrypt any communication to/from that server — provided that they were also able to eavesdrop on the communication.
The solution: Unique keys
To counter this it’s recently become possible to configure web servers to issue a unique key pair for every single connection, and immediately destroy the keys once the session is complete.
This method is called Forward Secrecy because it prevents anyone from retroactively breaking the encryption.
Forward Secrecy on Runbox
Runbox has now implemented Forward Secrecy in order to further improve the security and privacy of our services. It’s now virtually impossible to eavesdrop on the data being transmitted between your web browser and Runbox’ web servers — and you don’t have to do anything in order to enjoy this new level of security.
For those who are interested in the technical details, here is an analysis of the security provided by https://runbox.com, which is now our main address:
https://www.ssllabs.com/ssltest/analyze.html?d=runbox.com
Continue Reading →