Why are SSL certificates so important?
SSL (Secure Sockets Layer) is a system that allows computers to communicate securely over unsecured networks (i.e. networks to which anyone is able to connect – like the Internet). Information sent between computers can potentially be intercepted by criminals or, even worse, criminals can set up a website that looks exactly like yours and impersonate your business or organisation.
The value in establishing trust between you and your customers is higher than ever, with the ever-present threat of online fraud and fake sites stealing traffic. The need to reassure your customers that their information is safe and that they are really on your site becomes increasingly vital.
An SSL certificate is an excellent way to build this trust. It demonstrates your commitment to security and to keeping customer information safe as well as verifying for the customer that they are really on your website. A visible sign that you have registered an SSL certificate for a domain is a padlock appearing in the customer’s browser, which is highly recognised by web users to show that they are on a secure site. Further security is guaranteed by an Extended Validation certificate that is evidenced by a green address bar.
How strong is SSL?
SSL uses a handshake procedure to exchange public-key encryption. From this, the server generates a session key between the client and the server, which is unique to the particular transaction and works for both sending and receiving data. Since the key for each session is completely unique, even if a hacker did manage to break the key on one data transmission then they would not have managed to find the server’s secret key and, if they wanted to decrypt another transaction, they would need to spend as many resources as it took to break the first transmission. All of this is after they have found a method of intercepting the data going between one web server and another.
Web Servers and browsers handle encryption in general using between 40-bit and 256-bit keys with modern web servers and browsers using either 128 or 265-bit encryption, giving you even higher levels of protection.
A few years ago, a French research group was able to break 40 bit encryption using a network of fast computers; however it took over a week to do. Given that online transactions take a fraction of a second, if a network of fast computers takes a week to crack a 40-bit key, you’d have completed your transaction and be long gone before a hacker had even got started.
Using a 128-bit key eliminates this problem completely because there are 2128 instead of 240 possible keys. If you tried a similar method using a network of powerful computers to crack a 128-bit encrypted message it would take significantly longer, much longer, around 13.75 billion years, the current age of the universe and then some.
Why do you need an SSL?
- Establishes your website’s credentials
- Secures your customers’ information
- Increases trust of your site and brand, resulting in more traffic and transactions
- Increases customer value