What is SSL?

SSL stands for "Secure Sockets Layer". It is a protocol designed to enable applications to transmitinformation back and forth securely. Applications that use this protocol inherently know how to give andreceive encryption keys with other applications, as well as how to encrypt and decrypt data sent betweenthe two.

Some applications that are configured to run SSL include web browsers like Internet Explorer andNetscape, email programs like GroupWise, Outlook, and Outlook Express, FTP (file transfer protocol)programs, etc. These programs are automatically able to receive SSL connections.

To create an SSL connection, however, or to open a secure connection, your application must first havean encryption key assigned to it by a Certification Authority. Once it has a unique key of its own, youcan establish a secure connection with every other application that can "speak" the SSL protocol.


 

SSL - a Quick History

In the earlier days of the World Wide Web, 40 bit keys were used. Each bit could contain a one or azero -- which meant there were 240 different keys available. That's a little over one trillion distinctkeys. The key is generated by the Certification Authority based on the domain and the configuration of theserver it resides on. And because every domain name is, by nature, different, every key is different.

But because of the ever-increasing speed of computers, it became apparent that this wasn't secureenough. Conceivably, with the high-end processors that would come available in the future, hackers couldeventually try every key until they found the proper one, which would allow them to decrypt and stealprivate data. It would take some time, but it was possible.

So the keys were lengthened to 128 bits. That's 2128 keys, or 340,282,366,920,938,463,463,374,607,431,768,211,456unique encryption codes. (That's 340 trillion trillion trillion, for those of you keeping track at home.)It was determined that if computers kept advancing in speed as they have in the past, these 128 bit codeswould remain secure for at least another decade, if it not longer. (At which point we may see a jump to256 bit or larger keys.)


 

SSL and Consumers

Modern web browsers automatically notify you when connection is insecure. As an E-Commercecustomer you should NOT send your private information unless their browser assures you it'ssafe to do so!

If a site is without secure SSL Encryption, simply shop elsewhere.

 

Specials

Commerce Science Corporation
Bookmark and Share