Rate this article: (14 votes, average: 4.64)
There are two possible reasons why you’re reading this post right now. The first is that you’re exploring SSL certificate options, and you stumbled across the term “128 bit SSL encryption.” The second possible case could be that you came across this term on an ecommerce site or somewhere else, and your sheer curiosity led you here.
In either case, you’ll have a good enough idea about 128 bit SSL encryption.
An SSL certificate protects your privacy by encrypting the data between a client (usually a web browser) and a web server. Thus, it prevents an ill-intended third party from stealing and tampering with the data in transit. Such security is necessary to protect users’ sensitive data such as credit card information, passwords, personal messages, etc.
But how does it work? Let’s break down this process into two basic steps:
When you visit a website through your web browser, it checks to see whether there’s an SSL certificate installed. If found, both the parties begin the communication process known as the SSL/TLS handshake. Once contact is established, the web browser validates the authenticity of the SSL/TLS certificate installed on the web server.
This communication between client and server is done through a cryptographic technique called asymmetric encryption, or what’s also known as public key encryption. This encryption method involves two keys for the encryption and decryption of the data. Public and private keys are different, yet they’re mathematically related to each other. The public key, as the name suggests, is public and is used by the client to encrypt the information. The private key, on the other hand, is kept by the server and is used to decrypt data.
Asymmetric encryption, through the use of the two keys, provides a unique way to validate the identities of both parties. Although this method is a more secure way of protecting the information, it takes significantly more time to encrypt and decrypt the data than another encryption method we’ll talk about momentarily. This would ultimately result in slower communication irrespective of internet speed. In other words, it’s not practical to use asymmetric encryption for each bit of information. But the problem is that we need it for validation of both the parties.
So, what’s the answer to this issue? The solution comes in the form of a session key — a generated third key that’s used for the remainder of the secure connection. This unique key is formed by both parties (server & client) and used for encryption for the rest of the session. This is called symmetric encryption.
The length key is usually of 128 or 256 bits, something we know you’re curious about since you’re still here and reading this article.
128 bit refers to the length of the symmetric encryption key (session key) that are used for encryption purpose. The higher the key length, the harder it’s for a hacker to crack it as there’s only one way to break this key — through trial and error (a brute-force attack, if you want to be technical). So, if an SSL certificate has a symmetric key of 128 bit length, it’ll have 2128 possible combinations — which is a HUGE number!
To crack this key, one must try most of these combinations.
Here are a few estimates for how long it would take to crack keys of various lengths:
|Key Size||Time to Crack|
|128-bit||1.02 x 1018 years|
|192-bit||1.872 x 1037 years|
|256-bit||3.31 x 1056 years|
Yes, with the computational capabilities of existing technologies, it’s impossible to crack the 128 bit key into a measurable timeframe. Even the fastest supercomputers in the world can’t do anything about it. So, your data is in safe hands.
As you can see in the above table, it’s harder to crack keys of higher lengths. However, don’t automatically assume that because you’re using 128-bit key that it means your encryption strength is 128 bits. That’s because, right now, you could be using 40-bit encryption with 128-bit SSL. Yes, that’s certainly possible if you haven’t configured your web server for 128-bit SSL encryption. The capabilities of your server and browser play a major role in determining the encryption strength.
So, to implement 128-bit SSL encryption, you must first configure your web server accordingly. Otherwise, you won’t achieve the full encryption strength your certificate is capable of.
The higher the key length, the harder it is to crack — this is the general rule of thumb that you need to remember. These days, most of the certificate authorities that issue SSL certificates have migrated from 128-bit to 256-bit as a standard for better security. However, cracking either of them is an impossible task until quantum computers come knocking. Until then, it’s all good.TYPES OF SSL CERTIFICATES
Get Comodo SSL certificates starting for as little as $7.27 per year!