Wolfram Alpha

Never again are you going to get a Google Web site whose security certificate is protected with comparatively weak 1,024-bit encryption.

The Net giant has secured all its certificates with 2,048-bit RSA encryption keys or better, Google security engineer Dan Dulay said in a blog post Monday. Certificates are used to set up encrypted communications between a Web server and Web browser.

That means two things. First, traffic will be harder to decrypt since 1,024-bit keys aren't in use at Google anymore. Second, retiring the 1,024-bit keys means the computing industry can retire the technology altogether by declaring such keys untrustworthy.

Google has been aggressively moving to stronger encryption because of U.S. government surveillance by the National Security Agency. According to documents leaked by former NSA contractor Edward Snowden, the agency gathered bulk data off Internet taps, including unencrypted data sent between company data centers on its own network, and actively worked to undermine encryption.

Google said it beat its internal end-of-year deadline for the 2,048-bit move. It's also moved to encrypt its internal data transfer between data centers, a move that Yahoo also is making.

In other words, the Net's technology giants are working actively to make surveillance, authorized or not, significantly harder.

screenshot by Stephen Shankland/CNET

"Worry in Silicon Valley/Puget Sound: furor over NSA will cost billions cuz foreign customers fear US companies can't guarantee security," tweeted Strobe Talbott, president of analyst firm Brookings Institution, referring to the geographic regions where tech powers such as Google, Facebook, Yahoo, Microsoft, Twitter, Apple, LinkedIn, and Amazon are located.

There's a lot of work to be done yet, though. Google also supports a standard called "forward secrecy," which uses different keys for different sessions so that decrypting a single message doesn't mean previous messages can likewise be decrypted using the same key. But many other Net giants don't support forward secrecy -- though that's changing, too.