------------------------------------------------- ------------------------------------------------- COLLOQUIUM REPORT
-------------------------------------------------

-------------------------------------------------
ON
-------------------------------------------------

-------------------------------------------------
Data Mining
-------------------------------------------------

-------------------------------------------------
Submitted as partial fulfillment for the award of
-------------------------------------------------

-------------------------------------------------
MASTER OF COMPUTER APPLICATIONS
-------------------------------------------------

-------------------------------------------------
DEGREE
-------------------------------------------------

-------------------------------------------------
Session 2012-13
-------------------------------------------------
By +
-------------------------------------------------
Jeetendra Kumar Maurya
-------------------------------------------------
1045914041
-------------------------------------------------

-------------------------------------------------
Under the guidance of
-------------------------------------------------
MR. Vinod Kumar (Sr. Asst. Professor)
-------------------------------------------------

-------------------------------------------------
ACADEMY OF BUSINESS & ENGINEERING SCIENCES
-------------------------------------------------
(MCA Institute), Ghaziabad (459) | | |
-------------------------------------------------

-------------------------------------------------
AFFILIATED TO
-------------------------------------------------
MAHAMAYATECHNICAL UNIVERSITY, NOIDA
-------------------------------------------------
(Formerly Uttar Pradesh Technical University)
-------------------------------------------------

-------------------------------------------------

ACKNOWLEDGEMENT

I, JEETENDRA KUMAR MAURYA, student of MCA-`A’, 6th semester, express my hearty gratitude and gratefulness to the staff, faculty and others who helped me during the course of completion of my Colloquium report on “128 BIT SSL ENCRYPTION” for their valuable contribution. I look forward to having your valuable suggestions and feedback on the same.

Many thanks to Prof. JAGDISH SINGH HOD of MCA Deptt. , ABES Engineering College, Ghaziabad for allowing us to work under this guidance in the organization.

Signature of Student (JEETENDRA KUMAR MAURYA)

STUDENT DECLARATION

I hereby declare that the study done by me on the colloquium topic presented in this report entitled “SILVER LIGHT” is an authentic record carried out under the supervision of Mr. “VINOD KUMAR”.

The matter embodied in this report has not been submitted by me for the award of any other degree.

Date : Signature of student (Jeetendra Kumar Maurya) (MCA)

This is to certify that the above statement made by the candidate is correct to the best of my knowledge.

Signature of HOD Signature of Supervisor
(Prof. JAGDISH SINGH) (Mr. ARJUN KUMAR) (MCA Deptt.) (ASST.PROFESSOR) (MCA)

Date............................

Table of Contents:

Abstract 1. Introduction 2. Biometric Systems 3. Biometric System Errors 4. A Comparison of Various Biometrics 5. Applications of Biometric Systems 6. Advantages and Disadvantages of Biometrics 7.1 Positive Recognition in Commercial Applications 7.2 Negative Recognition in Government and Forensic Applications 7. Limitations of (Unimodal) Biometric Systems 8. Multimodal Biometric Systems 9.3 Modes of Operation 9.4 Levels of Fusion 9.5 What to Integrate? 9. Social Acceptance and Privacy Issues 10. Summary

Conclusion
References

Abstract

SSL 128bit encryption is a technique to improve the security and confidentiality of user data. This article explains the technology at work behind the scenes of SSL encryption. It covers asymmetric and symmetric keys and how they work together to create an SSL-encrypted connection. It also covers different types of algorithms that are used to create these keys—including the mathematical equations that make them virtually impossible to crack.

Introduction

Stands for "Secure Sockets Layer." SSL is a secure protocol developed for sending information securely over the Internet. Many websites use SSL for secure areas of their sites, such as user account pages and online checkout. Usually, when you are asked to "log in" on a website, the resulting page is secured by SSL.
SSL encrypts the data being transmitted so that a third party cannot "eavesdrop" on the transmission and view the data being transmitted. Only the user's computer and the secure server are able to recognize the data. SSL keeps your name, address, and credit card information between you and merchant to which you are providing it. Without this kind of encryption, online shopping would be far too insecure to be practical. When you visit a Web address starting with "https," the "s" after the "http" indicates the website is secure. These websites often use SSL certificates to verify their authenticity.
While SSL is most commonly seen on the Web (HTTP), it is also used to secure other Internet protocols, such as SMTP for sending e-mail and NNTP for newsgroups. Early implementations of SSL were limited to 40-bit encryption, but now most SSL secured protocols use 128-bit encryption or higher.
Secure socket layer (SSL) is a security protocol which is used to provide security on the network. This security protocol will establish secure channel between two computers mainly client and server. This protocol will encrypt data while transmitting and decrypt after receiving without any errors. In this paper students can find what is ssl, security achieved by secured socket layer, confidentiality, message integrity, end point authentication. 128 bit SSL encryption is a technology which "scrambles" information while it is sent from one computer to another which prevents the information being viewed by a non-trusted third party. Secure Sockets Layer (SSL) technology is a security protocol that is today’s de-facto standard for securing communications and transactions across the Internet. SSL has been implemented in all major browsers and Web servers, and as such, plays a major role in today’s e-commerce and e-business activities on the Web. The SSL protocol uses digital certificates to create a secure, confidential communications “pipe” between two entities. Data transmitted over an SSL connection cannot be tampered with or forged without the two parties becoming immediately aware of the tampering. The newest version of the SSL standard has been renamed TLS (Transport Layer Security). You will often see these terms used interchangeably. Since the term SSL is more commonly understood, we will continue to use it throughout this paper. SSL uses public-key encryption to exchange a session key between the client and server; this session key is used to encrypt the http transaction (both request and response). Each transaction uses a different session key so that even if someone did manage to decrypt a transaction, that would not mean that they would have found the server's secret key; if they wanted to decrypt another transaction, they'd need to spend as much time and effort on the second transaction as they did on the first. Of course, they would have first have to have figured out some method of intercepting the transaction data in the first place, which is in itself extremely difficult. It would be significantly easier to tap your phone, or to intercept your mail to acquire your credit card number than to somehow intercept and decode Internet Data.
Servers and browsers do encryption ranging from a 40-bit secret key to a 128-bit secret key, that is to say '2 to the 40th power' or '2 to the 128th power'. Many people have heard that 40-bit is insecure and that you need 128-bit to keep your credit card info safe. They feel that using a 40-bit key is insecure because it's vulnerable to a "brute force" attack (basically trying each of the 2^40 possible keys until you find the one that decrypts the message). This was in fact demonstrated when a French researcher used a network of fast workstations to crack a 40-bit encrypted message in a little over a week. Of course, even this 'vulnerability' is not really applicable to applications like an online credit card transaction, since the transaction is completed in a few moments. If a network of fast computers takes a week to crack a 40-bit key, you'd be completed your transaction and long gone before the hacker even got started.
What is SSL
SSL (Secure Sockets Layer) is a standard security technology for establishing an encrypted link between a server and a client—typically a web server (website) and a browser; or a mail server and a mail client (e.g., Outlook).
SSL allows sensitive information such as credit card numbers, social security numbers, and login credentials to be transmitted securely. Normally, data sent between browsers and web servers is sent in plain text—leaving you vulnerable to eavesdropping. If an attacker is able to intercept all data being sent between a browser and a web server they can see and use that information.
More specifically, SSL is a security protocol. Protocols describe how algorithms should be used; in this case, the SSL protocol determines variables of the encryption for both the link and the data being transmitted.
SSL secures millions of peoples’ data on the Internet every day, especially during online transactions or when transmitting confidential information. Internet users have come to associate their online security with the lock icon that comes with an SSL-secured website or green address bar that comes with an extended validation SSL-secured website. SSL-secured websites also begin with https rather than http.
Digital Certificates
Digital certificates are electronic files that are used to identify people and resources over networks such as the Internet. Digital certificates also enable secure, confidential communication between two parties using encryption. When you travel to another country, your passport provides a way to establish your identity and gain entry. Digital certificates provide similar identification in the electronic world. Certificates are issued by a Certification Authority (CA). Much like the role of the passport office, the role of the CA is to validate the certificate holder’s identity and to “sign” the certificate so that it cannot be tampered with. Once a CA has signed a certificate, the holder can present their certificate to people, Web sites and network resources to prove their identity and establish encrypted, confidential communications.
A standard certificate typically includes a variety of information pertaining to its owner and to the CA that issued it, such as: x The name of the holder and other identification information required to identify the holder, such as the URL of the Web server using the certificate, or an individual’s e-mail address x The holder’s public key (more on this below), which can be used to encrypt sensitive information for the certificate holder x The name of the Certification Authority that issued the certificate x A serial number x The validity period (or lifetime) of the certificate (a start and an end date) In creating the certificate, this information is digitally signed by the issuing CA. The CA’s signature on the certificate is like a tamper-detection seal on packaging — any tampering with the contents is easily detected.
A standard certificate typically includes a variety of information pertaining to its owner and to the
CA that issued it, such as: * The name of the holder and other identification information required to identify the holder, such as the URL of the Web server using the certificate, or an individual’s e-mail address * The holder’s public key (more on this below), which can be used to encrypt sensitive information for the certificate holder * The name of the Certification Authority that issued the certificate * A serial number * The validity period (or lifetime) of the certificate (a start and an end date)
In creating the certificate, this information is digitally signed by the issuing CA. The CA’s signature on the certificate is like a tamper-detection seal on packaging — any tampering with the contents is easily detected. Digital certificates are based on public-key cryptography, which uses a pair of keys for encryption and decryption. With public-key cryptography, keys work in pairs of matched “public” and “private” keys. In cryptographic systems, the term key refers to a numerical value used by an algorithm to alter information, making that information secure and visible only to individuals who have the corresponding key to recover the information.
Digital certificates are based on public-key cryptography, which uses a pair of keys for encryption and decryption. With public-key cryptography, keys work in pairs of matched “public” and “private” keys. In cryptographic systems, the term key refers to a numerical value used by an algorithm to alter information, making that information secure and visible only to individuals who have the corresponding key to recover the information.
The public key can be freely distributed without compromising the private key, which must be kept secret by its owner. Since these keys only work as a pair, an operation (e.g., encryption) done with the public key can only be undone or decrypted with the corresponding private key, and vice versa.
A digital certificate can securely bind your identity, as verified by a trusted third party, with your public key.

Certificates Come In
All browsers have the capability to interact with secured web servers using the SSL protocol. However, the browser and the server need what is called an SSL Certificate to be able to establish a secure connection.
SSL Certificate and How Does it Work?
SSL Certificates have a key pair: a public and a private key. These keys work together to establish an encrypted connection. The certificate also contains what is called the “subject,” which is the identity of the certificate/website owner.
To get a certificate, you must create a Certificate Signing Request (CSR) on your server. This CSR creates the private key and a CSR data file that you send to the SSL Certificate issuer (called a Certificate Authority or CA). The CA uses the CSR data file to create a public key to match your private key without compromising the key itself. The CA never sees the private key.
Once you receive the SSL Certificate, you install it on your server. You also install a pair of intermediate certificates that establish the credibility of your SSL Certificate by tying it to your CA’s root certificate. The instructions for installing and testing your certificate will be different depending on your server.
In the image below, you can see what is called the certificate chain. It connects your server certificate to your CA’s (in this case DigiCert’s) root certificate through a series of intermediate certificates.

The most important part of an SSL Certificate is that it is digitally signed by a trusted CA like DigiCert. Anyone can create a certificate, but browsers only trust certificates that come from an organization on their list of trusted CAs. Browsers come with a pre-installed list of trusted CAs, known as the Trusted Root CA store. In order to be added to the Trusted Root CA store and thus become a Certificate Authority, a company must comply with and be audited against security and authentication standards established by the browsers.
An SSL Certificate issued by a CA to an organization and its domain/website verifies that a trusted third party has authenticated that organization’s identity. Since the browser trusts the CA, the browser now trusts that organization’s identity too. The browser lets the user know that the website is secure, and the user can feel safe browsing the site and even entering their confidential information.
Since the Web server is the only one with access to its private key, only the server can decrypt the information. This is how the information remains confidential and tamper-proof while in transit across the Internet. The following diagram illustrates how a 128- or 256-bit SSL connection works:

SSL Certificate Create a Secure Connection?
When a browser attempts to access a website that is secured by SSL, the browser and the web server establish an SSL connection using a process called an “SSL Handshake” (see diagram below). Note that the SSL Handshake is invisible to the user and happens instantaneously.
Essentially, three keys are used to set up the SSL connection: the public, private, and session keys. Anything encrypted with the public key can only be decrypted with the private key, and vice versa.
Because encrypting and decrypting with private and public key takes a lot of processing power, they are only used during the SSL Handshake to create a symmetric session key. After the secure connection is made, the session key is used to encrypt all transmitted data.

1. Browser connects to a web server (website) secured with SSL (https). Browser requests that the server identify itself. 2. Server sends a copy of its SSL Certificate, including the server’s public key. 3. Browser checks the certificate root against a list of trusted CAs and that the certificate is unexpired, unrevoked, and that its common name is valid for the website that it is connecting to. If the browser trusts the certificate, it creates, encrypts, and sends back a symmetric session key using the server’s public key. 4. Server decrypts the symmetric session key using its private key and sends back an acknowledgement encrypted with the session key to start the encrypted session. 5. Server and Browser now encrypt all transmitted data with the session key.

Certificates are used in an SSL Transaction HOW?
Suppose Alice wants to connect to a secure Web site to buy something online: * When Alice visits a Web site secured with SSL (typically indicated by a URL that begins with “https:”), her browser sends a “Client Hello” message to the Web server indicating that a secure session (SSL) is requested. * The Web server responds by sending Alice its server certificate (which includes its public key). * Alice’s browser will verify that the server’s certificate is valid and has been signed by a Certification Authority (CA) like Entrust, whose certificate is in the browser’s database or that has been cross certified by a root whose certificate is in the browser’s database (and who Alice trusts). It will also verify that the CA certificate has not expired. * If the certificate is valid, Alice’s browser will generate a one-time, unique “session” key and encrypt it with the server’s public key. Her browser will then send the encrypted session key to the server so that they will both have a copy. * The server will decrypt the message using its private key and recover the session key. * At this point Alice can be confident about two things: * The Web site she is communicating with has been vetted to confirm the identity of the organization requesting the certificate and the domain on which the server has been established. * Only Alice’s browser and the Web server have a copy of the session key. Once the SSL “handshake” is complete, then a secure communications “pipe” is established. Alice’s browser and the Web server can now use the session key to send encrypted information back and forth, knowing that their communications are protected. The entire process of establishing the SSL connection typically happens transparently to the user and takes only seconds.
A key or padlock icon in the lower corner of the browser window identifies the security mode of a browser. When the browser is running in “normal” mode, the key looks broken or the padlock appears open or is not present. Once an SSL connection has been established, the key becomes whole, or the padlock becomes closed or appears, indicating that the browser is now in "secure" mode.
Public Trust
Public Trust is not a widely used term, but it is a useful concept. In this context, we define it as trust relationships built using certificates issued from CAs whose public keys are embedded in applications such as Web browsers. Without these embedded keys, consumers and end-users need to go to much more effort to establish basic trust in online services.
When a Web site does not have an SSL certificate signed by a CA whose root key is embedded in the browser, most Internet browsers will display a warning dialog box similar to that shown in Figure 1, which may lead the customer to question the trustworthiness of the site and abandon their transaction.

In contrast, if a user submits credit card or other information to a site with a valid SSL certificate and an SSL connection, the warning does not appear. The secure connection is seamless, making the online shopping experience more pleasant.
Before browser vendors will embed a CA’s public key (or ‘root key’) into their browser, they typically require the CA to be certified for compliance with the Web Trust for Certification Authorities audit criteria. A WebTrust Seal provides you with assurance and confidence in the security of a public key infrastructure (PKI).
Entrust was the first certification authority (CA) in the world to earn the WebTrust for Certification Authorities (CAs) Seal of Assurance in 2001 from the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA).
As examples of processes and procedures audited under WebTrust, Entrust will only issue an SSL certificate to your online business after it has performed the following verification procedures: * Verify your identity against third-party databases and confirm that your organization is listed in these databases * Confirm that that your organization has the right to use the domain name included in the certificate request * Verify that the individual who requested the SSL certificate on behalf of the organization was authorized to do so and is employed with that organization

If your site collects credit card information you are required by the Payment Card Industry (PCI) to have an SSL Certificate. If your site has a login section or sends/receives other private information (street address, phone number, health records, etc.), you should use SSL Certificates to protect that data.
Your customers want to know that you value their security and are serious about protecting their information. More and more customers are becoming savvy online shoppers and reward the brands that they trust with increased business.
The easiest way to check if your browser supports 128 bit SSL Encryption is to click the 'Login' button on the Northern Ireland Court Service Login page.
If your browser supports 128 bit encryption, you will be presented with the login screen asking you to input your Username and password. If your browser does not support 128 bit encryption, you will be presented with a white empty screen. You will need to upgrade your browser to a later version that supports 128 bit encryption.
For more information on how to check if your browser supports 128 bit encryption or how to upgrade you should go to the browser vendor's website.
Encryption
In an SSL-encrypted session, all data is encrypted using the symmetric encryption algorithm immediately before it is sent to the client. Data from the client is decrypted immediately after it is received. The encryption algorithm that is used for the connection depends on a combination of the encryption algorithm list the SSL subsystem supports, the list the server wants to use, and the encryption algorithms the client requests. During the SSL handshake the client sends a list of encryption algorithms it is willing to use. The server submits its list and the SSL subsystem picks an algorithm all parties support giving preference to the order specified by the server. If the server does not support any of the encryption algorithms requested by the client, the connection is closed. The Telnet, FTP and DCAS servers and the FTP client use the SSL support provided by the System Secure Sockets Layer (System SSL) element of z/OS®. The encryption algorithms supported by the servers and client are therefore dependent on the level of System SSL installed. The following encryption algorithms are supported by the base level of System SSL: NULL, RC2 export, RC4 export, DES. The System SSL Level 3 feature is required for Triple DES and RC4 non-export (128 bit) encryption algorithms. The encryption algorithm list can be customized for the servers and client to a subset of the System SSL list. See the security information for the appropriate server or client for specific server and client statements used for encryption list creation.
Encryption is provided either by BSafe software shipped with System SSL or by hardware. There is no TCP profile definition that controls whether the cryptographic hardware will be used for secure connections. When SSL initialization has completed, System SSL checks if ICSF is installed and active and if the hardware is enabled and loaded with the necessary Master Keys. If the hardware is not available at that time, all subsequent encryption is performed using software. If hardware is valid and ICSF is active at that time, the public key functions required during the SSL handshake and requests for encryption using DES and Triple-DES algorithms will be sent to the hardware. Otherwise, all cryptographic functions will be performed by software. Encryption requests using RC2 or RC4 algorithms are always performed by software. Also note that if ICSF subsequently becomes unavailable, System SSL will assume the hardware encryption is still wanted and encryption processing using DES or Triple-DES algorithms will fail until access to the hardware is restored. If subsequent session handshakes are attempted, they will also fail. Completion of SSL initialization is different for each server and client. See the security information for the appropriate server or client to understand when SSL initialization is complete and how to refresh SSL.

Asymmetric Encryption
Asymmetric encryption (or public-key cryptography) uses a separate key for encryption and decryption. Anyone can use the encryption key (public key) to encrypt a message. However, decryption keys (private keys) are secret. This way only the intended receiver can decrypt the message. The most common asymmetric encryption algorithm is RSA; however, we will discuss algorithms later in this article.

Asymmetric keys are typically 1024 or 2048 bits. However, keys smaller than 2048 bits are no longer considered safe to use. 2048-bit keys have enough unique encryption codes that we won’t write out the number here (it’s 617 digits). Though larger keys can be created, the increased computational burden is so significant that keys larger than 2048 bits are rarely used. To put it into perspective, it would take an average computer more than 14 billion years to crack a 2048-bit certificate.

Symmetric Encryption
Symmetric encryption (or pre-shared key encryption) uses a single key to both encrypt and decrypt data. Both the sender and the receiver need the same key to communicate.

Symmetric key sizes are typically 128 or 256 bits—the larger the key size, the harder the key is to crack. For example, a 128-bit key has 340,282,366,920,938,463,463,374,607,431,768,211,456 encryption code possibilities. As you can imagine, a ‘brute force’ attack (in which an attacker tries every possible key until they find the right one) would take quite a bit of time to break a 128-bit key.
Whether a 128-bit or 256-bit key is used depends on the encryption capabilities of both the server and the client software. SSL Certificates do not dictate what key size is used.

Which Is Stronger?
Since asymmetric keys are bigger than symmetric keys, data that is encrypted asymmetrically is tougher to crack than data that is symmetrically encrypted. However, this does not mean that asymmetric keys are better. Rather than being compared by their size, these keys should compared by the following properties: computational burden and ease of distribution.
Symmetric keys are smaller than asymmetric, so they require less computational burden. However, symmetric keys also have a major disadvantage—especially if you use them for securing data transfers. Because the same key is used for symmetric encryption and decryption, both you and the recipient need the key. If you can walk over and tell your recipient the key, this isn’t a huge deal. However, if you have to send the key to a user halfway around the world (a more likely scenario) you need to worry about data security.
Asymmetric encryption doesn’t have this problem. As long as you keep your private key secret, no one can decrypt your messages. You can distribute the corresponding public key without worrying who gets it. Anyone who has the public key can encrypt data, but only the person with the private key can decrypt it.
How SSL Uses both Asymmetric and Symmetric Encryption
Public Key Infrastructure (PKI) is the set of hardware, software, people, policies, and procedures that are needed to create, manage, distribute, use, store, and revoke digital certificates. PKI is also what binds keys with user identities by means of a Certificate Authority (CA). PKI uses a hybrid cryptosystem and benefits from using both types of encryption. For example, in SSL communications, the server’s SSL Certificate contains an asymmetric public and private key pair. The session key that the server and the browser create during the SSL Handshake is symmetric. This is explained further in the diagram below.

1. Server sends a copy of its asymmetric public key. 2. Browser creates a symmetric session key and encrypts it with the server’s asymmetric public key. 3. Server decrypts the asymmetric public key with its asymmetric private key to get the symmetric session key. 4. Server and Browser now encrypt and decrypt all transmitted data with the symmetric session key. This allows for a secure channel because only the browser and the server know the symmetric session key, and the session key is only used for that session. If the browser was to connect to the same server the next day, a new session key would be created.

Public-Key Encryption Alogrithms
Public-key cryptography (asymmetric) uses encryption algorithms like RSA and Elliptic Curve Cryptography (ECC) to create the public and private keys. These algorithms are based on the intractability* of certain mathematical problems.
With asymmetric encryption it is computationally easy to generate public and private keys, encrypt messages with the public key, and decrypt messages with the private key. However, it is extremely difficult (or impossible) for anyone to derive the private key based only on the public key.

RSA
RSA is based on the presumed difficulty of factoring large integers (integer factorization). Full decryption of an RSA ciphertext is thought to be infeasible on the assumption that no efficient algorithm exists for integer factorization.
A user of RSA creates and then publishes the product of two large prime numbers, along with an auxiliary value, as their public key. The prime factors must be kept secret. Anyone can use the public key to encrypt a message, but only someone with knowledge of the prime factors can feasibly decode the message.
RSA stands for Ron Rivest, Adi Shamir, and Leonard Adleman— the men who first publicly described the algorithm in 1977.

Pre-Shared Key Encryption Algorithms
Pre-shared key encryption (symmetric) uses algorithms like Twofish, AES, or Blowfish, to create keys—AES currently being the most popular. All of these encryption algorithms fall into two types: stream ciphers and block ciphers. Stream ciphers apply a cryptographic key and algorithm to each binary digit in a data stream, one bit at a time. Block ciphers apply a cryptographic key and algorithm to a block of data (for example, 64 sequential bits) as a group. Block ciphers are currently the most common symmetric encryption algorithm.

Elliptic Curve Cryptography (ECC) Algorithm * An ECC certificate is included at no additional cost with all Symantec Premium SSL certificates. * ECC provides stronger security and increased performance: it offers better protection than currently adopted encryption methods, but uses shorter key lengths (e.g. 256 bit ECC key provides the same level of security as 3,072 RSA key). The result? Stronger security that can handle the explosion in mobile device and tablet connections. * Requires fewer server processing cycles, allowing for more simultaneous SSL connections and faster processing. * ECC key lengths increase at a slower rate than other encryption method keys as security levels increase, potentially extending the life of your existing hardware and giving you a greater return on your investment. * Symantec's ECC certificate roots have been in place for over five years: You can be confident that your ECC certificate will work throughout your ecosystem * US Government approved: ECC is FIPS-certified (US Federal Information Processing Standard) and endorsed by the US National Security Agency.

Digital Signature Algorithm (DSA) * A DSA certificate is included at no additional cost with all Symantec Standard and Premium SSL certificates. * Delivers the same level of security and performance as the RSA algorithm, but uses a different algorithm for signing and encryption. * Offers a broader array of encryption options: You can install just RSA, just DSA, or both to enhance website security. (Apache server can support both RSA and DSA certificates in tandem on a single web server.) * Gives you more choices and greater flexibility to help make it easier to keep up with evolving national government requirements. * Helps maximize your ecosystem reach to everyone with whom your company does business. * DSA is US Government approved: DSA was created by the NSA in 1991 and is US Defense Security Service and FIPS-certified.

128 bit secure encryption

SSL uses public-key encryption to exchange a session key between the client and server; this session key is used to encrypt the http transaction (both request and response). Each transaction uses a different session key so that even if someone did manage to decrypt a transaction, that would not mean that they would have found the server's secret key; if they wanted to decrypt another transaction, they'd need to spend as much time and effort on the second transaction as they did on the first. Of course, they would have first have to have figured out some method of intercepting the transaction data in the first place, which is in itself extremely difficult. It would be significantly easier to tap your phone, or to intercept your mail to acquire your credit card number than to somehow intercept and decode Internet Data.
Servers and browsers do encryption ranging from a 40-bit secret key to a 128-bit secret key, that is to say '2 to the 40th power' or '2 to the 128th power'. Many people have heard that 40-bit is insecure and that you need 128-bit to keep your credit card info safe. They feel that using a 40-bit key is insecure because it's vulnerable to a "brute force" attack (basically trying each of the 2^40 possible keys until you find the one that decrypts the message). This was in fact demonstrated when a French researcher used a network of fast workstations to crack a 40-bit encrypted message in a little over a week. Of course, even this 'vulnerability' is not really applicable to applications like an online credit card transaction, since the transaction is completed in a few moments. If a network of fast computers takes a week to crack a 40-bit key, you'd be completed your transaction and long gone before the hacker even got started.
Of course, using a 128-bit key eliminates any problem at all because there are 2^128 instead of 2^40 possible keys. Using the same method (a networked of fast workstations) to crack a message encrypted with such a key would take significantly longer than the age of the universe using conventional technology. Remember that 128-bit is not just 'three times' as powerful as 40-bit encryption. 2^128 is 'two times two, times two, times two...' with 128 two's. That is two, doubled on itself 128 times. 2^40 is already a HUGE number, about a trillion (that's a million, million!). Therefor 2^128 is that number (a trillion), doubled over and over on itself another 88 times. Again, it would take significantly longer than the age of the universe to crack a 128-bit key.

Key Size | | Possible Key Combinations | 2-bit | 2^2 | 2x2 | = 4 | 3-bit | 2^3 | 2x2x2 | = 8 | 4-bit | 2^4 | 2x2x2x2 | = 16 | 5-bit | 2^5 | 2x2x2x2x2 | = 32 | 6-bit | 2^6 | 2x2x2x2x2x2 | = 64 | 7-bit | 2^7 | 2x2x2x2x2x2x2 | = 128 | 8-bit | 2^8 | 2x2x2x2x2x2x2x2 | = 256 | 9-bit | 2^9 | 2x2x2x2x2x2x2x2x2 | = 512 | 10-bit | 2^10 | 2x2x2x2x2x2x2x2x2x2 | = 1024 | 11-bit | 2^11 | 2x2x2x2x2x2x2x2x2x2... | = 2048 | 12-bit | 2^12 | 2x2x2x2x2x2x2x2x2x2... | = 4096 | 16-bit | 2^16 | 2x2x2x2x2x2x2x2x2x2... | = 65536 | 24-bit | 2^24 | 2x2x2x2x2x2x2x2x2x2... | = 16.7 million | 30-bit | 2^30 | 2x2x2x2x2x2x2x2x2x2... | = 1 billion (1,073,741,800) | 40-bit | 2^40 | 2x2x2x2x2x2x2x2x2x2... | = 1 trillion (1,097,728,000,000) | 56-bit | 2^56 | 2x2x2x2x2x2x2x2x2x2.... | = 72 thousand quadrillion (71,892,000,000,000,000) | 128-bit | 2^128 | 2 multiplied by 2
128 times over. | = 339,000,000,000,000,000,000,000,000,000,000,000 (give or take a couple trillion...) |

Doing the math, you can see that using the same method that was used to break 40-bit encryption in a week, it would take about 72 million weeks (about 1.4 million years) to even break '56-bit medium' encryption and significantly longer than the age of the universe to crack a 128-bit key. Of course the argument is that computers will keep getting faster, about doubling in power every 18 months. That is true, but even when computers are a million times faster than they are now (about 20 years from now if they double in speed every year), it would then still take about 6 thousand, trillion years, which is about a million times longer than the Earth has been around. Plus, simply upgrading to 129-bit encryption would take twice as long, and 130-bit would take twice as long again. As you can see, it's far easier for the encryption to keep well ahead of the technology in this case. Simply put, 128-bit encryption is totally secure.

Conclusion:
The Internet, Intranets, Extranets and wireless networks are re-defining how companies communicate and do business. As the value of business relationships and transactions increase, so do the associated risks and security requirements. By protecting the security of online payments, businesses can reduce risk and reach a larger market. SSL security is a standard and a minimum requirement for those that conduct transactions online. Almost all legitimate and trustworthy businesses use SSL security to secure their Web site. The protocol is designed to support a range of choices for specific algorithms used for cryptography, digests and signatures. This allows algorithm selection for specific servers to be made based on legal, export or other concerns and also enables the protocol to take advantage of new algorithms. Choices are negotiated between client and server when establishing a protocol session.
References:

1. Bruce Schneier, Applied Cryptography, 2nd Edition, Wiley, 1996. See http://www.counterpane.com/ for various other materials by Bruce Schneier. 2. Public Key Cryptography Standards (PKCS), RSA Laboratories Technical Notes, http://www.rsasecurity.com/rsalabs/pkcs/. 3. Kipp E.B. Hickman, The SSL Protocol, 1995. http://www.netscape.com/eng/security/SSL_2.html. 4. Alan O. Freier, Philip Karlton, Paul C. Kocher, The SSL Protocol Version 3.0, 1996. http://www.netscape.com/eng/ssl3/draft302.txt. 5. RSA Laboratories. PKCS #1: RSA Encryption Standard, Version 1.5, November 1993. 6. RSA Laboratories. PKCS #6: Extended-Certificate Syntax Standard, Version 1.5, November 1993. 7. R. Rivest. RFC 1321: The MD5 Message Digest Algorithm. April 1992. 8. R. Rivest. RFC 1319: The MD2 Message Digest Algorithm. April 1992. 9. B. Schneier. Applied Cryptography: Protocols, Algorithms, and Source Code in C, Published by John Wiley & Sons, Inc. 1994. 10. M. Abadi and R. Needham. Prudent engineering practice for cryptographic protocols. 1994.