Security Investigate

Server-Gated Cryptography: The Illusion of Security

Download now Registration not required

Executive Summary

As security vendors compete for market share for SSL certificate sales, some attempt to gain a better foothold by claiming that expensive Server-Gated Cryptography (SGC) certificates are required for 128-bit security. This just isn't the case. SGC is not required to enable 128-bit security for virtually all browsers deployed today. In fact, supporting browsers that require SGC can introduce serious security vulnerabilities to very common present-day attacks. All users who still require SGC are using extremely outdated versions of Web browsers that have not been updated to address the multitude of security issues that have been identified since they were released; security issues that are far more severe than weakness in the cryptography. This poses a significant risk to both the user and the organization.

  • Format: PDF
  • Size: 325.9 KB