Post by Admin on Jul 1, 2014 10:54:29 GMT -9
Microsoft expands the use of encryption on Outlook, OneDrive
by Peter Bright - July 1 2014, 11:23am ADT
Last December, Microsoft promised to expand its use of encryption for its cloud services to protect them from criminals and hackers (and, though the company didn't say so, spying governments). Today, it announced that it has reached a number of milestones in this ongoing effort.
Both inbound and outbound mail on the Outlook.com service will use TLS encryption when sending and receiving from servers that also support TLS. The company says that it has worked with a number of other mail providers, including Deutsche Telekom, Yandex, and Mail.Ru, to ensure that mail sent to and from these popular providers is encrypted in transit.
Outlook.com and OneDrive have also been updated to use perfect forward security (PFS). In PFS, the keys used for each connection are randomly generated on a per-session basis. This is important because it protects against bulk data collection. Without PFS, if a law enforcement agency or hacker can demand or steal the long-term key used to secure connections, they can use that key to decrypt all historic, recorded sessions. PFS prevents this; compromising one session's key only enables decryption of that session.
This will secure Web access, the OneDrive mobile clients, and the OneDrive desktop clients.
Microsoft is also using certificates with 2048 bit keys on both the Outlook.com and OneDrive Web front-ends, another change planned last December.
The company has opened what it calls a "Transparency Center" on its Redmond campus, with another planned in Brussels. Governments can visit the Transparency Centers and examine Microsoft's source code to assure themselves that there are no backdoors.
by Peter Bright - July 1 2014, 11:23am ADT
Last December, Microsoft promised to expand its use of encryption for its cloud services to protect them from criminals and hackers (and, though the company didn't say so, spying governments). Today, it announced that it has reached a number of milestones in this ongoing effort.
Both inbound and outbound mail on the Outlook.com service will use TLS encryption when sending and receiving from servers that also support TLS. The company says that it has worked with a number of other mail providers, including Deutsche Telekom, Yandex, and Mail.Ru, to ensure that mail sent to and from these popular providers is encrypted in transit.
Outlook.com and OneDrive have also been updated to use perfect forward security (PFS). In PFS, the keys used for each connection are randomly generated on a per-session basis. This is important because it protects against bulk data collection. Without PFS, if a law enforcement agency or hacker can demand or steal the long-term key used to secure connections, they can use that key to decrypt all historic, recorded sessions. PFS prevents this; compromising one session's key only enables decryption of that session.
This will secure Web access, the OneDrive mobile clients, and the OneDrive desktop clients.
Microsoft is also using certificates with 2048 bit keys on both the Outlook.com and OneDrive Web front-ends, another change planned last December.
The company has opened what it calls a "Transparency Center" on its Redmond campus, with another planned in Brussels. Governments can visit the Transparency Centers and examine Microsoft's source code to assure themselves that there are no backdoors.