• Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint
Share this Page URL
Help

Chapter 9. Securing Your Internet Transa... > Key Lengths and Encryption Strength

Key Lengths and Encryption Strength

It is possible for several different ciphers to be used in an SSL transaction. In fact, SSL uses a combination of symmetric and public key ciphers to do its job (see Chapter 12 for a discussion of encryption). The main encryption that is provided by the tunnel is done using symmetric key cryptography. Both the browser and server share a secret key that can be used to encrypt and decrypt the information. This secret key is exchanged securely using public key cryptography.

Symmetric key cryptography is the process by which two or moreparties share the same encryption key. It's like when you share the same house key with people in your family. Only one key locks and unlocks the front door, but each member of the family has a copy of it. SSL uses symmetric key cryptography for one reason: performance. Good performance is critical to a Web server that serves up pages to thousands of visitors. For the server to handle the extra load of encrypting and decrypting information, it needs to streamline the process. Symmetric key cryptography provides a server the most secure method of encryption, combined with moderate decreases in performance. This is as opposed to public key cryptography, which tends to have a higher performance cost. Public key cryptography requires more work on the server's part. It's inevitable that performance will suffer; after all, it takes time and processing power to make the calculations that encrypt and decrypt information.


PREVIEW

                                                                          

Not a subscriber?

Start A Free Trial


  
  • Creative Edge
  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint