Security

Google Wave secured with 'crypto fairy dust'

  • Email a Friend
  • Print Page
Google Wave secured with 'crypto fairy dust'
5 comments in this discussion
"^^ Don't leave the responsibility in the end users hands, in the end it only endangers the rest of us as a result."
By Mordd
 
Related Articles
Breaking Stories
By Munir Kotadia
Oct 15, 2009 3:11 PM
Tags: google | wave | greg | privacy | encryption | whitelist | spoof | sniff | networking | services | security

Wave goodbye to email spoofing.

Google Wave, the search giant's email-like collaboration tool, has been designed to avoid common security issues associated with traditional email because it contains a 'sprinkle of crypto fairy dust', according to the product manager of the technology, who was speaking to media in Sydney today.

User privacy is a huge concern for Google, according to Greg D'alesandre, Google Wave product manager.

He said Wave has been built with two levels of security designed to stop criminals exploiting the technology by spoofing another account - pretending to be someone they are not - or by sniffing Wave traffic while it is travelling between users.

"It is relatively easy to fake - or spoof - an email address. One thing we built into the Wave protocol is what we call crypto fairy dust. This means every piece of information you are getting on a Wave from another Wave server has authentication information built into it.

"So you know you are getting the Wave from the person that is sending it to you and it has not changed mid-stream. This is a very big problem in current communication technologies - data can be changed mid stream and you will never know," said D'alesandre.

In addition, he said, all Wave traffic is encrypted using https.

"If somebody was watching packets passing between the computer and the Wave server, they wouldn't be able to decrypt the information.

"There are a lot of products where you can choose if you want to use https. If you are at an internet café and decide not to use [https], it means there is a possibility for somebody to sniff that traffic. We don't give you that option," said D'alesandre.

He admitted that forcing encryption on users slows the product down but he said it was a price worth paying.

"Even though it is slower we think it is important to do it anyway. We have built privacy concerns from the ground up rather than waiting till there are issues and addressing them afterwards," D'alesandre said.

Google Wave users will soon also have the option to whitelist people they want to collaborate with. This means only people on their whitelist will be able to contact them - everyone else will be ignored.

Google Wave is currently in a limited beta test. The company has not yet indicated when it will be opened to the general public.


 
Comments: 5
Thoughts on this article? Add a comment below.
tsemaj
Oct 15, 2009 5:07 PM
 Mun, I wasn't there - so I can't tell whether the "fairy dust" is meant to be evasive or derisive!
cootified
Oct 15, 2009 6:30 PM
 Google should make this encryption optional in settings. At the end of the day, its up to the user to "lock their doors" at night. There are alot of people who underestimate web security issues and naturally what you dont understand, you fear. There are some people out there who thinks everyone else is here to make their lives miserable.
tobygalino
Oct 16, 2009 8:11 AM
 cheers coot- users rely on the internet/computers/gadgets yet dismiss the responsibility of their maintenance.

At VeriSign we feel email services need to provide more robust forms of protection, ie. Extended Validation SSL, and two factor authentication, which also comes as a mobile app if you hang yourself "out to dry" on wifi. If all those email users had a 2FA token it wouldn't matter if their passwords were hacked.
tallguy
Oct 16, 2009 10:08 PM
 Maybe there is an alternate universe where average users take good care of their security. In the real world it is a great idea to take away the choice.
Mordd
Oct 18, 2009 7:37 PM
 ^^ Don't leave the responsibility in the end users hands, in the end it only endangers the rest of us as a result.
Comment:
Want to participate in the discussion?
Or log in now to comment
 
 
 
Top Stories
TIO website hit by malware
TIO website hit by malware
Weekend malware runs one new process per target machine.
 
Microsoft announces Azure launch date
Microsoft announces Azure launch date
Australia in second wave of country releases.
 
CBA embarks on "database-as-a-service"
CBA embarks on "database-as-a-service"
Analysis: How the bank intends to save megabucks.
 

Spotlightthe topics we're following

Latest Comments

"Hahahah...What a joke!! "Conroy had said that it was not possible to apply ISP-level filtering ..."
by gerson Feb 9, 2010 10:39 PM
 
"@@Comments, yes, and history keeps repeating itself. Remember the earlier pr-and-media-fuelled ..."
by anonymous Feb 9, 2010 6:40 PM
 
"I would have paid good money to be in court when that clanger dropped. Could you imagine, the ..."
by Private Citizen Feb 9, 2010 6:23 PM
 
"He is not yet listed on NBN Co. website as part of their team of executives (http://www.nbnco.com..."
by Private Citizen Feb 9, 2010 6:07 PM
 
"That would be the list leaked on wikileaks that the minister denied was the ACMA list. The same ..."
by Private Citizen Feb 9, 2010 5:17 PM

Plan Finder

Powered by WhistleOut

1) HTC Magic16 plans 2%
2) Nokia N9743 plans 9%
3) Nokia E7149 plans 1%
4) Apple iPhone 3GS 16GB30 plans 11%
5) Apple iPhone 8GB42 plans 5%
« 1 of »
1) iiNet32 plans 5%
2) Netspace36 plans 11%
3) TPG Internet19 plans 14%
4) Optus33 plans 1%
5) Telstra BigPond30 plans 2%

Mobiles | Broadband | Credit Cards

iTnews

Polls

What is the sweet spot for Apple's entry 16GB Wi-Fi iPad?
   |   View results
$549
  78%
 
$579
  10%
 
$619
  4%
 
$649
  3%
 
$699
  5%
TOTAL VOTES: 381

Vote
view previous polls »