 |
SSL Certificates FAQ
|
|
|
SSL Encryption - 128-bit Encryption
Questions
Is
128-bit SSL encryption really stronger than 40-bit SSL encryption?
What
level of encryption do I need for my Web site?
A
lot of companies advertise 128-bit certificates, but they don’t have
SGC. What is the difference between VeriSign’s SSL Certificates and
those of other providers?
What
do I need to know about Windows 2000 and 128-bit encryption?
Do
VeriSign’s SSL Certificates work with all browsers?
Answers
Is 128-bit SSL encryption really stronger
than 40-bit SSL encryption?
Absolutely. When an SSL handshake occurs between
a client and server, a level of encryption is determined by the browser,
the client computer operating system and the SSL Certificate. Low-level
encryption, 40 or 56 bits, is acceptable for sites with low-value information.
However, a hacker with the time, tools and motivation can crack the
code in a matter of minutes.
High-level encryption, at 128
bits, can calculate 288 times as many combinations as 40-bit
encryption. That’s over a trillion times a trillion times stronger.
That same hacker with the same tools would require a trillion years
to break into a session protected by an SGC-enabled certificate.
What level of encryption do I need for my
Web site?
Best security practices are
to install a unique certificate on each server and choose true-128-bit
or better encryption by purchasing an SGC-enabled
SSL Certificate. A unique certificate keeps your private keys protected,
and an SGC-enabled certificate ensures that every site visitor, no matter
what browser or operating system they use, connects at the highest level
of encryption their system is capable of. The level of protection needed
should be based on the value of your information and the perception
of your customers. You need 128-bit or better encryption if you process
payments, share confidential data, or collect personally identifiable
information such as National Insurance or tax reference number, postal
address or date of birth. You need 128-bit or better encryption if your
customers are concerned about the privacy of the data they send you.
A lot of companies advertise 128-bit certificates,
but they don’t have SGC. What is the difference between VeriSign’s SSL
Certificates and those of other providers?
Non-SGC SSL Certificates provide
a minimum of 40-bit and up to 256-bit SSL encryption. Site visitors
using certain older browsers and many Windows 2000 systems using Internet
Explorer will only receive 40- or 56-bit encryption unless they’re connecting
to an SGC-enabled SSL Certificate. VeriSign is the leading SSL provider
of SGC-enabled SSL Certificates, enabling 128- or 256-bit encryption
for over 99.9% of Internet users. (SGC:
Strongest SSL Encryption).
What do I need to know about Windows 2000
and 128-bit encryption?
Many Windows 2000 systems using
Internet Explorer will fail to step up to 128 bits unless they connect
to an SGC-enabled certificate, even if they’re using the most current
version of Internet Explorer. VeriSign is the leading SSL provider
of SGC-enabled SSL Certificates, enabling 128- or 256-bit encryption
for over 99.9% of Internet users. (SGC:
Strongest SSL Encryption.)
Do VeriSign’s SSL Certificates work with all
browsers?
VeriSign's SSL Certificates work with virtually
every Web browser that ever shipped and all popular Web browsers used
since 1996. VeriSign SSL Certificates offer the highest browser compatibility
achieved by any SSL Certificate. However, many browsers will not be
able to connect at 128-bit encryption unless there is an SGC-enabled
certificate on the server. Many millions of Internet users worldwide
still use these browsers. (SGC:
Strongest SSL Encryption.) Certain Internet Explorer browser
versions from 3.02 to 5.23 and Netscape browser versions from 4.02 to
4.72 will fail to use 128-bit encryption unless connecting to SGC-enabled
certificates. Internet Explorer versions prior to 3.02 and Netscape
versions prior to 4.02 are not capable of 128-bit encryption with any
SSL Certificate.
|
|
