Security

What is SSL?

SSL stands for "Secure Sockets Layer". It is a protocol designed to enable applications to transmit information back and forth securely. Applications that use this protocol inherently know how to give and receive encryption keys with other applications, as well as how to encrypt and decrypt data sent between the two.

Some applications that are configured to run SSL include web browsers like Internet Explorer and Netscape, email programs like GroupWise, Outlook, and Outlook Express, FTP (file transfer protocol)programs, etc. These programs are automatically able to receive SSL connections.

To create an SSL connection, however, or to open a secure connection, your application must first have an encryption key assigned to it by a Certification Authority. Once it has a unique key of its own, you can establish a secure connection with every other application that can "speak" the SSL protocol.

SSL - A Quick History

In the earlier days of the World Wide Web, 40 bit keys were used. Each bit could contain a one or a zero -- which meant there were 240 different keys available. That's a little over one trillion distinct keys. The key is generated by the Certification Authority based on the domain and the configuration of the server it resides on. And because every domain name is, by nature, different, every key is different.

But because of the ever-increasing speed of computers, it became apparent that this wasn't secure enough. Conceivably, with the high-end processors that would come available in the future, hackers could eventually try every key until they found the proper one, which would allow them to decrypt and steal private data. It would take some time, but it was possible.

So the keys were lengthened to 128 bits. That's 2128 keys, or 340,282,366,920,938,463,463,374,607,431,768,211,456 unique encryption codes. (That's 340 trillion trillion trillion, for those of you keeping track at home.) It was determined that if computers kept advancing in speed as they have in the past, these 128 bit codes would remain secure for at least another decade, if it not longer. (At which point we may see a jump to256 bit or larger keys.)

SSL and Consumers

Modern web browsers automatically notify you when connection is insecure. As an E-Commerce customer you should NOT send your private information unless their browser assures you it's safe to do so! If a site is without secure SSL Encryption, simply shop elsewhere.