Google Mistake Reveals Huge Email Security Flaw
Until recently, Google, Yahoo, eBay and Amazon were using weak cryptographic signatures to digitally "sign" their own emails — and they still would be had a Florida mathematician not discovered the glaring security hole.
Zachary Harris, a mathematics researcher and consultant in Jupiter, Fla., told Wired's Kim Zetter that it all began when he got an email from Google in December 2011 asking him if he'd be interested in a job.
The problem was that the email might not really have come from Google. Harris noticed that Google had been using 512-bit encryption to generate its email signatures, using a protocol called DomainKeys Identified Mail, or DKIM. And 512-bit DKIM can be easily cracked.
"A 384-bit key I can factor on my laptop in 24 hours," Harris told Wired. "The 512-bit keys I can factor in about 72 hours using Amazon Web Services for $75."
Harris didn't want the job, but he figured it could be fun if he spoofed Google's DKIM signature as well. So he forged two email messages, both of which included a link to his personal website.
One spoofed message looked like it came from Google co-founder Larry Page. The other looked as if it came from Page's counterpart Sergey Brin. He sent each spoofed email to the other man and waited for a response.
The response never came. But two days later, Google boosted its DKIM encryption to 2,048 bits.
Harris has since contacted other companies that he found to be using 512-bit DKIM encryption, including Yahoo, eBay, Twitter and Amazon.
He found that more financially oriented sites, including PayPal, US Bank and HSBC, used 768-bit keys.
"Those are not factorable by a normal person like me with my resources alone," Harris told Wired News. "But the government of Iran probably could."
Most of the companies Harris contacted have since upgraded their DKIM encryption standards, he told Zetter.