Encryption and Decryption
Managing Servers with Netscape Console • December 2001
cryptography. Client software such as Communicator can then use your public key
to confirm that the message was signed with your private key and that it hasn’t
been tampered with since being signed. “Digital Signatures” (beginning on page
769) and subsequent sections describe how this confirmation process works.
Key Length and Encryption Strength
In general, the strength of encryption is related to the difficulty of discovering the
key, which in turn depends on both the cipher used and the length of the key. For
example, the difficulty of discovering the key for the RSA cipher most commonly
used for public-key encryption depends on the difficulty of factoring large
numbers, a well-known mathematical problem.
Encryption strength is often described in terms of the size of the keys used to
perform the encryption: in general, longer keys provide stronger encryption. Key
length is measured in bits. For example, 128-bit keys for use with the RC4
symmetric-key cipher supported by SSL provide significantly better cryptographic
protection than 40-bit keys for use with the same cipher. Roughly speaking, 128-bit
RC4 encryption is 3 x 10^26 times stronger than 40-bit RC4 encryption. (For more
information about RC4 and other ciphers used with SSL, see Appendix K,
“Introduction to SSL.”)
Different ciphers may require different key lengths to achieve the same level of
encryption strength. The RSA cipher used for public-key encryption, for example,
can use only a subset of all possible values for a key of a given length, due to the
nature of the mathematical problem on which it is based. Other ciphers, such as
those used for symmetric-key encryption, can use all possible values for a key of a
given length, rather than a subset of those values. Thus a 128-bit key for use with a
symmetric-key encryption cipher would provide stronger encryption than a 128-bit
key for use with the RSA public-key encryption cipher. This difference explains
why the RSA public-key encryption cipher must use a 512-bit key (or longer) to be
considered cryptographically strong, whereas symmetric-key ciphers can achieve
approximately the same level of strength with a 64-bit key. Even this level of
strength may be vulnerable to attacks in the near future.
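The following Python sketch is an added example, not part of the original manual. It works through the 128-bit versus 40-bit comparison and estimates why a 512-bit RSA key is roughly comparable to a 64-bit symmetric key. It assumes the attacks are exhaustive key search for the symmetric cipher and the general number field sieve (heuristic cost formula, o(1) term dropped) for RSA; all function names are illustrative.

```python
import math

LN2 = math.log(2)

def symmetric_ratio(long_bits: int, short_bits: int) -> int:
    """Factor by which exhaustive key search grows between two key lengths."""
    return 2 ** (long_bits - short_bits)

def prime_fraction(bits: int) -> float:
    """Approximate share of bits-long integers that are prime (prime number
    theorem), i.e. how small the usable subset of RSA key values is."""
    return 1.0 / (bits * LN2)

def rsa_equivalent_bits(modulus_bits: int) -> float:
    """Symmetric key length whose brute-force cost (2^k) matches the estimated
    cost of factoring an RSA modulus with the general number field sieve.

    Assumption: heuristic GNFS cost exp(c * (ln n)^(1/3) * (ln ln n)^(2/3))
    with c = (64/9)^(1/3) and the o(1) term dropped, so treat the result as an
    order-of-magnitude estimate, not a precise security level.
    """
    ln_n = modulus_bits * LN2
    c = (64 / 9) ** (1 / 3)
    ln_work = c * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return ln_work / LN2

if __name__ == "__main__":
    print(f"128-bit vs 40-bit key space: {symmetric_ratio(128, 40):.2e}")
    print(f"1 in {1 / prime_fraction(256):.0f} 256-bit integers is prime")
    for bits in (512, 1024, 2048):
        print(f"RSA-{bits}: about {rsa_equivalent_bits(bits):.0f}-bit symmetric")
```

Under this estimate, doubling the RSA modulus from 512 to 1024 bits adds only about 23 bits of equivalent strength, whereas every bit added to a symmetric key doubles the work of exhaustive search.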
Because the ability to surreptitiously intercept and decrypt encrypted information
has historically been a significant military asset, the U.S. Government restricts
export of cryptographic software, including most software that permits use of
symmetric encryption keys longer than 40 bits. For detailed information about
these restrictions as they apply to Netscape products, see Export Restrictions on
International Sales at the following URL:
http://developer.netscape.com/docs/manuals/security/exprt/index.htm