....
However, just in case you want the technical
background (so you know we didn't make this stuff
up), here is the information as supplied to us
directly from the creators of the program:
__________________________________________________________
Since its inception in 1995,
SSL, or Secure Sockets Layer, has been the standard
protocol for providing critical security services
to Internet users worldwide. SSL encompasses
multiple cryptographic algorithms of varying
strengths, making it appropriate for use in both
domestic and export scenarios simply by
manipulating the supported ciphers. SSL has gone
through a number of versions over the past 7
years, and has recently come to be known as TLS,
or Transport Layer Security. SSL version 3.1 and
TLS version 1.0 are different names for the same
protocol.
Background
In addition to encrypting
data or providing confidentiality, the
characteristic for which it is best known, SSL
also offers message integrity, authentication,
and key exchange services. Although SSL neatly
comprises these four security services, they are
actually offered by three to four distinct
mechanisms within SSL:
- Confidentiality is offered by symmetric ciphers, or
shared-secret key cryptography. This
sort of cryptography is very fast,
not very computationally demanding,
and uses a single key for both
encrypting and decrypting data.
Symmetric ciphers used by SSL
include DES, 3DES, RC2, and RC4 and
can range in strengths from 40 bits
to 168 bits.
- Message Integrity is a mechanism through which SSL
guarantees that data that has been
transferred has not been tampered
with. The way in which SSL provides
this service is via Message Digests,
or Hashing. Message Digests work by
taking input of any length and
calculating based on that input a
unique fixed length output. Changing
even a single character in the
source would result in a change to
the output, or the digest, and it is
theoretically impossible for two
different sources to result in the
same digest. Message digests used by
SSL include MD5 and SHA1.
- Authentication and Key Exchange, although separate functions, are
commonly grouped together because
they are usually provided by the
same routine, namely, the RSA
“Handshake”. Authentication is
based upon X.509 certificates,
commonly known as Digital
Certificates. Digital Certificates
are issued by well-known Certificate
Authorities such as Verisign, and
they contain digitally signed
identifying information for the
subject and the issuer, a range of
temporal validity, and the
subject’s Public-Key. It is the
public key that is at the core of
the RSA key exchange, along with its
mated counterpart, the private key.
This key exchange employs a
technique known as asymmetric or
public-key cryptography, which means
that one key is used for encryption
(generally the public key) and
another is used for decryption (the
private key). Unlike symmetric
cryptography, asymmetric
cryptography is terribly
computationally intensive, and can
burden even today’s fastest
processors. Because each new SSL
connection that is established
incurs an RSA operation,
high-traffic secure sites realized
long ago that they needed a means of
minimizing the performance
degradation their sites were
experiencing by bearing the
necessary burden of cryptography.
The SSL Accelerator was
introduced in 1998 to solve the problem of site
slow-downs caused by running SSL in software.
Available in either PCI or SCSI form factors,
the hardware SSL Accelerator was a dedicated
co-processor that excelled at random number
generation, and at performing modular
exponentiation, the math behind the RSA
operation. Although the accelerator sped the RSA
operation, it had a number of drawbacks: it
required special software and drivers in order
to work, it was only able to accelerate one
server at a time, and it did nothing for the
other components of SSL. While the first two
drawbacks affected interoperability,
maintainability, and scalability, the third
proved to be the greatest limiting factor of the
accelerator.
__________________________________________________________
Yeah...
We don't know what it means either. What we
DO know is, IT WORKS!
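For readers who do want to see the four services in the vendor-supplied background above wired together, here is an added worked example. It is written for this page and is not code from the program's creators or from the product; it is a toy, not a real SSL/TLS implementation. It uses textbook RSA built from fixed, publicly known Mersenne primes (so anyone can factor the keys), no PKCS#1 padding, a SHA-256 keystream standing in for RC4/DES, and HMAC-SHA1 for the message digest. The certificate fields (www.example.test, Example CA), the validity window and the sample request are all made up for the illustration. The step the accelerator paragraph is about is the private-key modular exponentiation in server_key_exchange.

```python
"""Toy SSL-style session following the background above: certificate check,
RSA key exchange, then symmetric records protected by a MAC.  Illustration
only: textbook RSA on fixed, publicly known Mersenne primes, no PKCS#1
padding, and a SHA-256 keystream standing in for RC4/DES."""
import hashlib
import hmac
import secrets

MAC_LEN = 20  # HMAC-SHA1 tag length

def rsa_key_from_primes(p, q, e=65537):
    """Return ((n, e), (n, d)).  pow(x, d, n) is the modular exponentiation
    that SSL accelerators were built to offload."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))

# Fixed toy keys so the example is deterministic (anyone can factor these).
CA_PUB, CA_PRIV = rsa_key_from_primes(2**607 - 1, 2**89 - 1)
SERVER_PUB, SERVER_PRIV = rsa_key_from_primes(2**521 - 1, 2**127 - 1)

def rsa_sign(priv, data):
    n, d = priv
    return pow(int.from_bytes(hashlib.sha1(data).digest(), "big"), d, n)

def rsa_verify(pub, data, sig):
    n, e = pub
    return pow(sig, e, n) == int.from_bytes(hashlib.sha1(data).digest(), "big")

def issue_cert(ca_priv, subject, issuer, subject_pub, not_before, not_after):
    """Minimal certificate: subject, issuer, validity window and the
    subject's public key, all covered by the issuer's signature."""
    tbs = f"{subject}|{issuer}|{not_before}|{not_after}|{subject_pub}".encode()
    return {"tbs": tbs, "subject_pub": subject_pub, "not_before": not_before,
            "not_after": not_after, "sig": rsa_sign(ca_priv, tbs)}

def check_cert(cert, ca_pub, now):
    """Reject if outside the validity window or the issuer signature fails."""
    return (cert["not_before"] <= now <= cert["not_after"]
            and rsa_verify(ca_pub, cert["tbs"], cert["sig"]))

def client_key_exchange(cert, ca_pub, now):
    """Client: pick a 48-byte pre-master secret, encrypt it to the cert's key."""
    if not check_cert(cert, ca_pub, now):
        raise ValueError("certificate rejected")
    pre_master = secrets.token_bytes(48)
    n, e = cert["subject_pub"]
    return pre_master, pow(int.from_bytes(pre_master, "big"), e, n)

def server_key_exchange(priv, encrypted):
    """Server: recover the pre-master secret with the private key (the costly RSA op)."""
    n, d = priv
    return pow(encrypted, d, n).to_bytes(48, "big")

def derive_keys(pre_master, client_rand, server_rand):
    """Both sides derive the same encryption key and MAC key."""
    master = hashlib.sha256(b"master" + pre_master + client_rand + server_rand).digest()
    return master[:16], master[16:]

def _keystream(key, nonce, length):
    out, ctr = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:length]

def seal(enc_key, mac_key, seq, plaintext):
    """Record = stream-encrypt(plaintext || HMAC-SHA1(seq || plaintext))."""
    seqb = seq.to_bytes(8, "big")
    body = plaintext + hmac.new(mac_key, seqb + plaintext, hashlib.sha1).digest()
    return bytes(a ^ b for a, b in zip(body, _keystream(enc_key, seqb, len(body))))

def open_record(enc_key, mac_key, seq, record):
    """Decrypt, then verify the tag before trusting the data."""
    seqb = seq.to_bytes(8, "big")
    body = bytes(a ^ b for a, b in zip(record, _keystream(enc_key, seqb, len(record))))
    plaintext, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, seqb + plaintext, hashlib.sha1).digest()):
        raise ValueError("MAC check failed: record was tampered with")
    return plaintext

def run_session(message=b"GET /checkout HTTP/1.0", now=2000):
    """Whole exchange; returns what each side derived and the tamper check."""
    cert = issue_cert(CA_PRIV, "www.example.test", "Example CA", SERVER_PUB, 1000, 3000)
    c_rand, s_rand = secrets.token_bytes(32), secrets.token_bytes(32)
    pre_master, encrypted = client_key_exchange(cert, CA_PUB, now)
    client_keys = derive_keys(pre_master, c_rand, s_rand)
    server_keys = derive_keys(server_key_exchange(SERVER_PRIV, encrypted), c_rand, s_rand)
    record = seal(*client_keys, 0, message)
    flipped = record[:3] + bytes([record[3] ^ 0x01]) + record[4:]  # one-bit tamper
    try:
        open_record(*server_keys, 0, flipped)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return {"keys_match": client_keys == server_keys,
            "plaintext": open_record(*server_keys, 0, record),
            "tamper_detected": tamper_detected}
```

run_session() shows the three mechanisms the background lists: check_cert is the authentication step (a cert that is expired, or signed by a key other than the issuer's, is rejected before any key exchange happens), client_key_exchange and server_key_exchange are the RSA key exchange, and seal/open_record are the symmetric record layer, where flipping a single bit makes the HMAC check fail. Every connection costs one pow(encrypted, d, n) on a key-sized modulus, while each record costs only hashing, which is the imbalance the accelerator paragraph describes. MD5, SHA-1, RC4, DES and 40-bit ciphers are named here only because the quoted text names them; none of them belongs in a current deployment.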