40-bit vs 128-bit browser incryption outside the US

By Tink56
Our marketing department has a FAQ on our web site that contains information I have quoted at the end of this post. I have no idea where this information came from; most likely compiled from other financial institution web sites. I googled several and found comparable wording.

Our web designer is updating the FAQ and asks if the information is still valid regarding the United States restricting the export of software that uses 128-bit encryption.

Anyone know anything about this? If so, any ideas on how it might be re-worded?

Here is the text I pulled from the FAQ:

<<<<<<<<<Q: Does your site provide security to prevent my account information from being intercepted online?

A: Yes. We provide secure financial services through a protocol known as the Secure Sockets Layer. The Secure Sockets Layer prevents other computers along the route from eavesdropping by encrypting all data transmitted between our site and your computer. Intermediate computers would see each packet of information as a meaningless jumble of bytes. The sending end encrypts, or encodes, the data with one key before it is transmitted. The receiving end decrypts, or decodes, the data with another key. Members that live in the United States can use browsers that support 128 bit keys. Cracking a 128 bit key would involve trying all 2^128 combinations. Members that live abroad are currently restricted by the US Government to using browsers that support 40 bit keys. Cracking a 40 bit key would involve trying all 2^40 combinations, which is over one trillion combinations. A 40 bit key is less secure than a 128 bit key, but does provide an adequate level of security for member financial services. The Secure Sockets Layer validates the identity of our site to you through the use of a digital certificate. After you connect to our site in secure mode, our site sends your browser a signed digital certificate, which contains the name of our Web server, its public encryption key, the certificate's validity dates, the name of the certification authority that issued the digital certificate to our site, and an unforgeable digital signature. The digital certificate authenticates to you that you are indeed connecting to our site. The Secure Sockets Layer ensures that the data transmitted between your computer and our site has not been tampered with through the use of Message Authentication Codes (MACs). A MAC is based on the actual data itself, similar to a checksum. This provides a quick way for the receiving end to verify that the data wasn't changed en route. Our site requires that you use a browser that supports SSL and Cookies.>>>>>>>>>

All Comments

Protect Act of 1999

by andy In reply to 40-bit vs 128-bit browser ...

A little googling turned up this tidbit of info.

you mean

by Jaqui In reply to 40-bit vs 128-bit browser ...

the usa is still prohibiting the export of 128 bit encryption?

I know it's classified as weapons technology and controlled for export and import in most countries.

nope, it's not still restricted to north america, it's now available globally.
( full 128 bit encryption included for mozilla's browsers for everywhere. )


by gary In reply to you mean

It's now standard that IE has 128-bit ENcryption (How can anyone spell ENCRYPTION wrong?!)

I don't recall seeing anything pertaining to acceptance of an agreement whereby only certain countries were allowed to download the 128-bit version.

there was

by Jaqui In reply to Correct

when 128 bit encryption first came out, an agreement limiting it to only the us and canada.

not even most of europe could download the 128 bit versions of netscape and ie.

this does go back to the mid 1990s, so it's to be expected that the tech has proliferated across the restrictions now.
