Millions of users of the World Wide Web rely on a single cryptographic protocol, SSL, to make secure connections to remote web servers. The flexibility and ease of use of SSL, which is built into browser and server software, gives them . . .
Millions of users of the World Wide Web rely on a single cryptographic protocol, SSL, to make secure connections to remote web servers. The flexibility and ease of use of SSL, which is built into browser and server software, gives them confidence in the security of their data. SSL is widely used and trusted, even by web users who are not aware of the details of how it works to secure their data.

Despite this confidence, the flexibility of SSL potentially leaves companies and their customers at risk. The SSL protocol does not mandate minimum key lengths to be used during the critical initial key exchange that begins each secure session. All too many servers still use insufficiently secure long-term keys.

While nearly all modern web browsers use sufficient security for the bulk of the data communication in each session, SSL allows for a variety of key lengths to be used in the key exchange process and it is this which creates risk.

The link for this article located at nCipher is no longer available.