Levels of encryption - how browsers decide
Some historyPrior to January 2000, the US Government had relatively strict controls on the export of cryptographic software - this included Web browsers capable of making secure connections to Web servers. In practice, this meant that browser manufacturers generally produced two versions of their products; one for use in the US and Canada ('domestic'), which could use 'strong' encryption, and one for use outside North America which could only use 'weak' encryption. Likewise, companies producing Web servers who were based in North America also produced two versions of their servers, one of which could only use weak encryption for international customers, and one of which could use strong encryption for their local customers. (This gave an advantage to server software produced outside North America, because it could allow use of strong encryption outside the US and Canadian markets. In fact, Thawte produced such server software for a time, adapted from the Apache server and called Sioux.) 'Strong' and 'weak' encryption are, of course, relative terms. 40-bit encryption, which is what would normally be termed weak, still takes some effort to break - and even breaking a 40-bit key would only give you access to the data from one session of connection between a browser and a server, not all the data that had been encrypted. 128-bit encryption, which is usually termed strong encryption, is a good deal harder to break than 40-bit - 288 times, in fact. To all intents and purposes, 128-bit encryption is not breakable. Some browsers and servers currently available can use 256-bit encryption -- another 2128 times as hard to break as 128-bit encryption. Unless there are major advances in the particular areas of mathematics relating to cryptography, such encryption should be unbreakable for the foreseeable future. For approximately 18 months prior to the relaxation of the export regulations mentioned above, the US Government permitted a small number of certification authorities to issue certificates which could force an international (40- or 56-bit) web browser to use strong encryption where it would normally not have been permitted to do so. Initially these were only able to be issued to banks, financial institutions, medical institutions and the like; shortly thereafter the regulations on their issue were relaxed so that they could be issued to almost any organisation. Technically such certificates are called 'SGC' certificates - server-gated cryptography; Thawte's product name for them is 'SuperCerts'. In January 2000, the US relaxed its regulations on the export of cryptographic software, so that browser manufacturers no longer needed to produce two versions of their product; it was now permissible to export software that supported 128-bit encryption. Nevertheless there are still some Web browsers in use today which do not support it, usually because their users have not upgraded their browsers - either through choice or because they are not permitted to do so (e.g. in a commercial situation where users are not permitted to install new software themselves).
Most server certificates will allow a connection to be negotiated at whatever level of encryption the browser and server concerned can handle. If the server can handle 128-bit encryption (most modern web servers can; if yours cannot, there is almost certainly an upgrade available which will allow it to do so) and the browser is also capable of 128-bit encryption (i.e. it was produced within about the last eight years) then a 128-bit connection will be negotiated. If both the browser and the server can support 256-bit encryption, so much the better; that is what will be used. If either the browser or the server cannot handle 128-bit encryption, the session will be negotiated at the highest available level, either 56-bit or 40-bit encryption. Most organisations providing credit card merchant accounts currently require the use of 128-bit or better encryption when credit card details are being transmitted over the Internet. Most servers will allow you to restrict secure connections to 128-bit or better, either by setting a flag in the configuration details or by restricting the encryption ciphers that the server can use. In this case, people using older browsers which do not have 128-bit capability will not be able to connect securely to your site; if you expect that such users will form a noticeable part of your site's traffic, then you may wish to consider using a SuperCert instead. A SuperCert works in the same manner as a standard certificate except in the case where the browser is configured to recognise the step-up capability of the certificate, but doesn't natively support 128-bit encryption. Thawte SuperCerts will cause IE 5.01+ and Netscape 4.7+ to 'step up' and negotiate a 128-bit session even if they are theoretically 'international' browsers capable of 40- or 56-bit encryption only. For browsers older than that, the SuperCert will allow negotiation of a 40- or 56-bit session as usual. If you need to provide strong encryption for the widest possible audience, you will probably want a SuperCert; if you're less worried about the level of encryption provided, or if you know that everyone connecting to your site will be using modern browsers, then a different cert will probably do. If you require both an extended validation certificate and SGC capability, then you will need to speak to Verisign (Thawte's EV certificates do not include SGC capability). If you're not sure which type of certificate will suit you best, we'll be happy to talk you through it.
Last updated: March 24th 2008 © Copyright Herald Information Systems, 1999 - 2009. |
|