SSL FAQ
Should I really be concerned about Internet privacy?
The connection
between you and AnonymousSpeech.com can be routed through dozens of
independent systems, any of which can easily be monitored. You should consider non-encrypted
e-mail, web browsing, chatting, and any other Internet use about as private as yelling
to someone across a crowded room.
What does SSL mean to me, the average Internet user?
When you access AnonymousSpeech.com via SSL, your browser will likely display a 'closed
lock' icon to inform you that SSL has been enabled. The web site address
should also now start with "https://" rather than the usual "http://".
 |
SSL Lock (Internet Explorer 6.0)

Secure access via https://
 |
In a nutshell,
SSL allows a secure connection between your web browser and a web server. This secure
information 'tunnel' was developed by Netscape Communications and was based on encryption
algorithms developed by RSA Security. SSL is being widely adopted by numerous companies
for other client/server uses other than web surfing.
Who uses SSL?
Most all
web-based online purchases and monetary transactions are secured by SSL. When
you submit your credit card to purchase a compact disk from Yahoo’s Online Shop,
for example, the order form information is sent through this secure tunnel so that
only the folks at Yahoo can view it.
You may also be familiar with online banking. Financial institutions use SSL to
secure the transmission of your PIN number and other confidential account data.
What are web server SSL certificates?
Web server
certificates has become the defacto standard for organizations to deliver online
trust. Web server certificates are used to authenticate the identity of a website
to visiting browsers. When a user wants to send confidential information to a web
server, the browser will access the server’s digital certificate. The certificate,
which contains the web server’s public key will be used by the browser to: authenticate
the identity of the web server (the website) and encrypt information for the server
using Secure Socket Layer (SSL) technology. Since the web server is the only entity
with access to its private key, only the server can decrypt the information. This
is how the information remains confidential and tamper-proof while in transit across
the Internet.
What's the
difference between a 40-bit SSL connection and a 128-bit SSL connection?
AnonymousSpeech.com uses a 128-bit encryption for its service because 40-bit encryption is considered
to be relatively weak. 128-bits is about 309 septillion times ( 309,485,000,000,000,000,000,000,000)
larger than 40-bits.
Equated
to the real world, sending information without encryption is like sending a postcard
through the mail - the contents are visible to practically anyone who wants to see
it. Using this analogy, 40-bit encryption is like sending the information in an
plain white envelope. 56-bits could then be equated to using a security envelope
that is printed to prevent it from being see-through.
Relative
to these strengths, 128-bit encryption could be compared to encasing your data in
a lead-lined, 12-inch thick titanium safe that is being transported by an armored
tank with a convoy of a hundred armed guards. In other words, 128-bits is considerably
more secure than 40.
So how can I tell if my web browser has 128-bit encryption?
Most newer
browsers now support a variety of SSL bit strengths. This ensures that the browsers
are fully compatible with most all web servers and digital certificates, which were
also shipped worldwide at lower encryption strengths.
If you have
an older browser you downloaded without filling out an brief residency confirmation
form, you likely have the 40 or 56-bit version. Check your browser's encryption
preferences to see what strengths you have available.
You can check your browsers
encryption preferences here.
Why isn't SSL used on a web site all the time?
All information going back and fourth between the client and server is being put
through an encryption process instead of being sent in plain text, the server and browser
take longer to process this data. The speed difference may not be noticeable on
a single page, but if all of a website's pages were encrypted, the server's performance
could be significantly reduced.
Some web
site administrators may set their servers to only require 40 or 56-bit operations,
which may be fine for less sensitive information. Most financial institutions require
128-bit browser strength to ensure optimum security.
|