|
|
|
Question: How secure is the encryption used by SSL?
Answer: It would take significantly longer than the age of the universe to crack a 128-bit key.
SSL uses public-key encryption to exchange a session key between the client and server; this session key is used to encrypt the http
transaction (both request and response). Each transaction uses a different session key so that even if someone did manage to decrypt
a transaction, that would not mean that they would have found the servers secret key; if they wanted to decrypt another transaction,
they would need to spend as much time and effort on the second transaction as they did on the first. Of course, they would have first
have to have figured out some method of intercepting the transaction data in the first place, which is in itself extremely difficult.
It would be significantly easier to tap your phone, or to intercept your mail to acquire your credit card number than to somehow
intercept and decode Internet Data.
Servers and browsers do encryption ranging from a 40-bit secret key to a 128-bit secret key, that is to say 2 to the 40th power or 2 to
the 128th power. Many people have heard that 40-bit is insecure and that you need 128-bit to keep your credit card info safe. They feel
that using a 40-bit key is insecure because it is vulnerable to a "brute force" attack (basically trying each of the 2^40 possible keys
until you find the one that decrypts the message). This was in fact demonstrated when a French researcher used a network of fast
workstations to crack a 40-bit encrypted message in a little over a week. Of course, even this vulnerability is not really applicable
to applications like an online credit card transaction, since the transaction is completed in a few moments. If a network of fast
computers takes a week to crack a 40-bit key, you would be completed your transaction and long gone before the hacker even got started.
Of course, using a 128-bit key eliminates any problem at all because there are 2^128 instead of 2^40 possible keys. Using the same
method (a networked of fast workstations) to crack a message encrypted with such a key would take significantly longer than the age of
the universe using conventional technology. Remember that 128-bit is not just three times as powerful as 40-bit encryption. 2^128 is
two times two, times two, times two... with 128 twos. That is two, doubled on itself 128 times. 2^40 is already a HUGE number, about
a trillion (this is a million, million!). Therefore 2^128 is that number (a trillion), doubled over and over on itself another 88 times.
Again, it would take significantly longer than the age of the universe to crack a 128-bit key.
Of course the argument is that computers will keep getting faster, about doubling in power every 6 to 18 months. That is true, but even
when computers are a million times faster than they are now (about 20 years from now if they double in speed every year), it would then
still take about 6 thousand, trillion years, which is about a million times longer than the Earth has been around. Plus, simply
upgrading to 129-bit encryption would take twice as long, and 130-bit would take twice as long again. As you can see, it is far easier
for the encryption to keep well ahead of the technology in this case. Simply put, 128-bit encryption is totally secure.
Question: How do I know if encryption is enabled or not?
Answer: Your Browser (Netscape or Internet Explorer) will tell you.
In Netscape versions 3.X and earlier you can tell what kind of encryption is in use for a particular document by looking at the
"document" information" screen accessible from the file menu. The little key in the lower left-hand corner of the Netscape window also
indicates this information. A solid key with three teeth means 128-bit encryption, a solid key with two teeth means 40-bit encryption,
and a broken key means no encryption. Even if your browser supports 128-bit encryption, it may use 40-bit encryption when talking to
other servers or to servers outside the U.S. and Canada. In Netscape versions 4.X and higher, click on the "Security" button to
determine whether the current page is encrypted, and, if so, what level of encryption is in use.
In Microsoft Internet Explorer, a solid padlock will appear on the bottom right of the screen when encryption is in use. To determine
whether 40-bit or 128-bit encryption is in effect, open the document information page using File->Properties. This will indicate
whether "weak" or "strong" encryption is in use.
Question: What about warnings or errors about the Secure Certificate?
Answer: Your personal Security settings will determine what warnings you see.
Depending on how your security settings are setup in your Browser, you may also see information about our Certificate when you enter the
secure directories. This information will usually include the Dates that the Certificate is valid for, the site name that the
Certificate has been issued to, and the Certificate Authority ("CA") that issued the Certificate. You can also usually view the
Certificate to see information about the various parties, including Bellisimo Bracelets, LLC and our CA.
The most common warning is that you have not previously chosen to Trust the authority. This is a normal warning if you have not already
purchased anything online from a Merchants certificate was issued by a Certificate Authority that you have not told your browser to
trust from now on. Of course, you may well have no errors, warnings or information screens at all - again, largely depending on the
security settings in your Browser.
In any case, the encryption level and the security is the same whether you have your settings low (don't warn me about anything) or
very high (warn and inform me about everything). Either way, your data is still encrypted and still secure.
If you have any questions after reviewing this short description of SSL technology, please use our "Contact Us"
page and we will answer any additional questions you might have.
|
|
|
|
|
|
|
|
Yes No';
}
function hide_confirm_link(pid) {
document.getElementById('confirm_link_'+pid).innerHTML='';
}
var sURL = document.URL.toString();
if (sURL.indexOf("?") > 0){
urlsplitter = '';
} else {
urlsplitter = '?';
}
document.write('');
//-->
|
|
|
|
|
|
|
|
:: 
Latest Products
