40-bit ... 56-bit ... 128-bit ... What does it all mean?
With fraud and identity theft on the increase, encryption is becoming more and more commonplace in the online world. A lot of important data travels along the Net every day and intercepting it isn't difficult. The best we can hope for is that the data itself is protected from prying eyes by strong encryption that makes it worthless. However, not all encryption is the same.
How do you know you are protected?
There are a few things to look for.
- Check that the address of the site you are visiting is prefixed by https:// (all secure sites have this)
- Look for the "locked" icon on the browser. Where this is and what it looks like depends on the browser you are using:
Internet Explorer 6
Netscape Navigator 7
NOTE: The icon in Opera 7 is near the address bar.
Different bit length
The other thing to bear in mind is what's known as key length or bit length. Hover over or double-click the lock icon and you will be presented with information about the encryption used. The most important piece of information is key length. Keys come in a variety of lengths:
What's the difference?
Key length determines the total number of possible "keys" that exist to decrypt the data you are sending. The greater the key length, the greater the number of keys. The difference between them is staggering.
Number of Keys (approx)
Trying to guess the correct key for a 128-bit key is like trying to find one particular grain of sand in the Sahara Desert!
Nowadays 40-bit keys are considered too short to guarantee protection. Most online vendors, banks and other companies that use online security now make available 128-bit encryption as standard. If you find that you are only getting 40-bit or 56-bit keys then you might need to upgrade to high-security - more information on this is available from Microsoft and Netscape.
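The key-length comparison above, worked through in Python as an added example (not part of the original article): it computes the number of keys for 40-, 56- and 128-bit lengths and flags cipher suites that fall below 128 bits. The sample records and the rate of one billion guesses per second are assumptions; `get_ciphers()` reports what the local Python/OpenSSL client offers, not what a browser negotiates.

```python
import ssl

MIN_BITS = 128  # the article's "standard" key length; 40 and 56 bits fall below it


def keyspace(bits):
    """Number of distinct keys of the given bit length."""
    return 2 ** bits


def years_to_search(bits, keys_per_second):
    """Average years to find one key: half the keyspace at the given rate."""
    seconds = keyspace(bits) / 2 / keys_per_second
    return seconds / (365.25 * 24 * 3600)


def audit(ciphers, min_bits=MIN_BITS):
    """Split cipher-suite records into (strong, weak) names by key strength."""
    strong, weak = [], []
    for c in ciphers:
        (strong if c["strength_bits"] >= min_bits else weak).append(c["name"])
    return strong, weak


def local_client_ciphers():
    """Suites the local Python/OpenSSL build offers as a TLS client."""
    return ssl.create_default_context().get_ciphers()


# Constructed sample records, shaped like get_ciphers() output (OpenSSL names).
SAMPLE = [
    {"name": "EXP-RC4-MD5", "strength_bits": 40},
    {"name": "DES-CBC-SHA", "strength_bits": 56},
    {"name": "AES128-SHA", "strength_bits": 128},
]

if __name__ == "__main__":
    RATE = 1e9  # assumed: one billion key guesses per second
    for bits in (40, 56, 128):
        print(f"{bits:>3}-bit: {keyspace(bits):.3e} keys, "
              f"~{years_to_search(bits, RATE):.3e} years on average")
    print("sample  strong/weak:", audit(SAMPLE))
    strong, weak = audit(local_client_ciphers())
    print(f"local client: {len(strong)} suites >= {MIN_BITS} bits, weak: {weak}")
```

Each extra bit doubles the keyspace, so going from 40 to 128 bits multiplies the search effort by 2 to the power 88.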
What should I do?
If you find you are using low key lengths while online, consider upgrading to a newer browser. This is the easiest way to ensure you have high-security installed. Also, check out sites you use, especially if they hold important information about you or take money off you - are they using high security? If not, you might want to reconsider using them - after all, if they don't care about your security, doesn't that say a lot about how they view you as a customer?
- Never disclose your passwords via email - even if you get an email asking you to! These requests are guaranteed to be bogus.
- Never submit credit card or bank account details via email - email is stored on various servers on the Net on its travels and these aren't as secure as you might think they are!
- Check that you are actually at the site you think you are on. There are many scammers and fraudsters out there that create genuine looking sites that are in fact fakes with the sole purpose of getting your username, passwords and account details. Check and double check the URL and check for encryption. If in doubt - don't use it!
- Be careful about using a system other than your own - cyber café PCs or a friend's system. It's really easy to grab passwords off a system and if the system isn't yours how can you fully trust it?
- Be vigilant - if you're not happy about something, follow your instinct!