Comments

http://compnetworking.about.com/od/networksecurityprivacy/l/aa011303a.htm

Posted by michaelcoyne

he early implementations of SSL in Web browsers, first Netscape 3 and then Microsoft Internet Explorer 3, used a 40-bit SSL encryption standard. Unfortunately, 40-bit encryption proved too easy to decipher or crack in practice. To decipher an SSL communication, one simply needs to generate the correct decoding key.

In cryptography, a common deciphering technique is brute-force decryption; essentially, using a computer to exhaustively calculate and try every possible key one by one. 2-bit encryption, for example, involves four possible key values:

00, 01, 10, and 11

3-bit encryption involves eight possible values, 4-bit encryption 16 possible values, and so on. Mathematically speaking, 2n possible values exist for an n-bit key.

While 240 may seem like a very large number, it is not very difficult for modern computers to crack this many combinations in a reasonable time period. The makers of Web browser software recognized the need to increase the strength of encryption and moved to a new standard, 128-bit encryption several years ago.

Compared to 40-bit encryption, 128-bit encryption offers 88 additional bits of key length. This translates to 288 or a whopping

309,485,009,821,345,068,724,781,056

additional combinations required for a brute-force crack.

In computer cryptography, a key is a long sequence of bits used by encryption / decryption algorithms. For example, the following represents a hypothetical 40-bit key:

00001010 01101001 10011110 00011100 01010101

A given encryption algorithm takes the original message, and a key, and alters the original message mathematically based on the key's bits to create a new encrypted message. Likewise, a decryption algorithm takes an encrypted message and restores it to its original form using one or more keys.

Based on the past history of improvements in computer performance, security experts expect that 128-bit encryption will work well on the Internet for at least the next ten years.

Posted by sagitraz