#GoogleStudyOnCryptoSecurityChallenges
Expanded Analysis – Key Findings, Strategic Response, and Industry Recommendations
Background and Scope
Conducted by Google’s Security and Privacy Engineering teams in collaboration with the Open Source Security Foundation (OpenSSF) and Google Cloud, this study evaluates the cryptographic posture across Google’s internal infrastructure, consumer products (Chrome, Gmail, Android), cloud services, and the broader internet ecosystem. The study combines telemetry from billions of TLS connections, internal vulnerability databases, and lessons learned from large-scale post-quantum cryptography (PQC) experiments. Its goal is to identify systemic risks, measure the effectiveness of current mitigations, and provide a roadmap for achieving long-term cryptographic security.
---
1. The State of Cryptographic Vulnerabilities
Legacy Algorithms Still in Use
Despite industry-wide deprecation efforts, the study found that approximately 4% of TLS connections to Google services still rely on TLS 1.0 or 1.1, and a non‑trivial fraction of certificates (including some internal and third‑party certificates) continue to use SHA‑1 or RSA keys shorter than 2048 bits. While these numbers are declining, they represent persistent attack surfaces—especially in long‑lived IoT devices, legacy enterprise systems, and misconfigured cloud workloads.
Forward Secrecy Gaps
A significant finding is that many external services and some internal legacy components still use static RSA key exchange rather than ephemeral elliptic‑curve Diffie‑Hellman (ECDHE). Static RSA key exchange provides no forward secrecy: if a server’s long‑term private key is compromised today, anyone who recorded past sessions can decrypt all of them. The study estimates that over 15% of the observed external servers connecting to Google APIs lack forward secrecy.
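The weaknesses named in the two subsections above (TLS 1.0/1.1, SHA‑1 certificates, RSA keys under 2048 bits, and key exchange without forward secrecy) can be checked mechanically against connection records. The following is an added example, not code or data from the study; the record fields, hostnames and sample rows are constructed, and cipher suites are assumed to be logged under their IANA names.

```python
from dataclasses import dataclass

LEGACY_PROTOCOLS = {"TLSv1", "TLSv1.1"}      # TLS 1.0 and 1.1
EPHEMERAL_KX = {"ECDHE", "DHE", "TLS1.3"}    # exchanges that give forward secrecy

@dataclass
class Conn:
    """One observed connection; field names are assumptions for this example."""
    host: str
    protocol: str     # e.g. "TLSv1.2"
    suite: str        # IANA cipher suite name
    sig_hash: str     # hash in the leaf certificate's signature algorithm
    key_type: str     # "RSA" or "EC"
    key_bits: int

def key_exchange(suite: str) -> str:
    """Key-exchange token of an IANA suite name, e.g. 'ECDHE' or 'RSA'."""
    if "_WITH_" not in suite:
        # TLS 1.3 names carry no key exchange; a full handshake is always
        # (EC)DHE. PSK-only resumption is not visible here (assumption).
        return "TLS1.3"
    return suite.split("_WITH_")[0].split("_")[1]

def audit(c: Conn) -> list[str]:
    findings = []
    if c.protocol in LEGACY_PROTOCOLS:
        findings.append("legacy-protocol")
    if key_exchange(c.suite) not in EPHEMERAL_KX:
        findings.append("no-forward-secrecy")
    if c.sig_hash.upper().replace("-", "") == "SHA1":
        findings.append("sha1-certificate")
    if c.key_type == "RSA" and c.key_bits < 2048:
        findings.append("short-rsa-key")
    return findings

def share_without_fs(conns: list[Conn]) -> float:
    """Fraction of records lacking forward secrecy."""
    return sum("no-forward-secrecy" in audit(c) for c in conns) / len(conns)

# Constructed sample records (not data from the study).
SAMPLE = [
    Conn("api.example.test", "TLSv1.3", "TLS_AES_128_GCM_SHA256", "SHA256", "EC", 256),
    Conn("web.example.test", "TLSv1.2", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "SHA256", "RSA", 2048),
    Conn("erp.example.test", "TLSv1.2", "TLS_RSA_WITH_AES_128_GCM_SHA256", "SHA256", "RSA", 2048),
    Conn("cam.example.test", "TLSv1", "TLS_RSA_WITH_AES_128_CBC_SHA", "SHA-1", "RSA", 1024),
]

if __name__ == "__main__":
    for c in SAMPLE:
        print(f"{c.host:18} {', '.join(audit(c)) or 'ok'}")
    print(f"without forward secrecy: {share_without_fs(SAMPLE):.0%}")
```

Note that the third record passes every protocol and certificate check yet still lacks forward secrecy, which is why the key-exchange check has to be separate from the version and certificate checks.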