Yahoo! Mail Getting End-to-End Encryption in 2015, Security Chief Says
The popular Yahoo Mail service will be getting an end-to-end encryption option by next year, according to The Hacker News. Yahoo Chief Information Security Officer Alex Stamos made the announcement on Thursday at the Black Hat 2014 conference.
“If an activist in Sudan wants to email a human rights organization’s Gmail address and they have encryption set up for it, it will automatically detect that and offer them the option to encrypt,” Stamos said during a talk. “We have to make it clear to people it is not [a] secret you’re emailing your priest, but the content of what you’re e-mailing him is secret.”
Yahoo’s decision comes after Google announced the introduction of a PGP encryption plug-in for Gmail in June. PGP (Pretty Good Privacy) plug-ins encrypt messages so that only the sender and the recipient can decrypt them, using randomly generated keys that are themselves encrypted.
Like Google, Yahoo will most probably use the OpenPGP standard, as the company will work with Google and modify their plug-in to implement it into its mail services.
How does the PGP-encryption work? Let’s take the OpenPGP example:
The OpenPGP standard combines conventional (symmetric) and public-key cryptography into a hybrid cryptosystem: each user has a basic pair of private and public keys, and the system generates temporary, random session keys.
Let’s assume that user Alice wants to send a PGP-encrypted message to user Bob. PGP first compresses the plain-text data and generates a session key, based on random mouse movements and keystrokes. The plain-text data is then encrypted with that session key using a conventional algorithm. Alice now has the encrypted message, known as cipher text.
Alice’s session key is then encrypted with Bob’s public key and sent along with the cipher text to Bob.
After Bob receives the cipher text and the encrypted session key, he uses his private key to recover the session key.
With the session key, Bob easily decrypts Alice’s message.
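The Alice-to-Bob flow above, as an added Python sketch that is not code from Yahoo, Google or any OpenPGP implementation. It assumes toy stand-ins for the real algorithms: textbook RSA on two fixed Mersenne primes for the public-key step, a SHA-256 keystream for the conventional cipher, and the operating system's random generator (rather than mouse movements and keystrokes) for the session key. All function and variable names are hypothetical.

```python
import hashlib
import secrets
import zlib

# Toy RSA key pair for Bob, built from two known Mersenne primes.
# Constructed for this demo only: far too small and structured for real use.
P, Q = 2**127 - 1, 2**89 - 1
E = 65537
BOB_PUBLIC = (P * Q, E)
BOB_PRIVATE = (P * Q, pow(E, -1, (P - 1) * (Q - 1)))


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy conventional cipher: XOR data with SHA-256(key || counter) blocks.

    The same call encrypts and decrypts. It provides no integrity protection.
    """
    stream = b"".join(
        hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        for i in range(len(data) // 32 + 1)
    )
    return bytes(a ^ b for a, b in zip(data, stream))


def pgp_style_encrypt(plaintext: bytes, recipient_public):
    """Alice's side: compress, encrypt with a session key, wrap that key."""
    n, e = recipient_public
    session_key = secrets.token_bytes(16)  # fresh random key for this message
    ciphertext = keystream_xor(session_key, zlib.compress(plaintext))
    # Unpadded ("textbook") RSA: acceptable only as an illustration.
    wrapped_key = pow(int.from_bytes(session_key, "big"), e, n)
    return wrapped_key, ciphertext  # both values are sent to Bob


def pgp_style_decrypt(wrapped_key: int, ciphertext: bytes, recipient_private):
    """Bob's side: recover the session key, then decrypt and decompress."""
    n, d = recipient_private
    session_key = pow(wrapped_key, d, n).to_bytes(16, "big")
    return zlib.decompress(keystream_xor(session_key, ciphertext))
```

Only the wrapped session key and the cipher text travel between the two users; Bob's private key never leaves his side, and each message gets a new session key.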
This is how the Yahoo Mail PGP-encryption plug-in is likely going to work. Implementing a Yahoo Mail PGP-encryption plug-in in the near future is a great step toward securing the privacy of users of web-based email services.