128 Bit vs. 256 Bit Encryption


When you are ready to purchase an SSL certificate, you will have to choose the type of encryption that you want. First of all, you need to understand what SSL is. SSL stands for Secure Sockets Layer. This is a way for your Web site to receive personal payment information on a secure channel, using a system of coding and decoding in order to keep hackers and others from stealing sensitive information. There are a number of levels, including 40 bit, 128 bit and 256 bit encryption. However, 40 bit encryption is rarely used anymore; the current industry standard is 128 bit. The real question you have to ask yourself is whether you want to pay extra for secure sockets layer protection with 256 bit encryption.

What is a bit?

Encryption is the process of turning intelligible information into useless information. The information, however, only appears useless to those who do not have the proper means to decode it. With SSL encryption, there is also a key. The key allows the right people to decode the information. This is very important when you are protecting personal payment information (i.e., credit card encryption) from would-be identity thieves and others online.

When you are dealing with encryption, you are dealing with pieces of information called bits. At its most basic, a bit is one piece of information, represented by a number (a 0 or a 1). A 40 bit key would have 40 such characters. 40 bit encryption, however, is not very strong. It is not terribly difficult to crack using today’s computers, which can crunch large number combinations quickly in order to try every possible key in an effort known as a brute force attack. Increasingly complex encryption has been developed for SSL certificates in order to be more effective and secure.

Is 256 bit encryption really better than 128 bit encryption?

If you look at 128 bit encryption, you will see that there are 88 more bits of key length than with 40 bit encryption. Just that change means that there are 2^88 times more combinations. This makes it much harder for hackers to try to crack the code. We’re talking something well beyond the range of the trillions. So, as you might guess, 256 bit encryption is even stronger. (There is an intermediary level, 192 bit, that really isn’t used much amongst SSL certificate providers.) Both of these types of encryption make use of what is known as the Advanced Encryption Standard (AES), which makes use of a special algorithm.

For the most part, 128 bit encryption is more than sufficient. It is complex enough to make a brute force attack mostly useless at this time. The processing power needed, among other things, would render most attackers ineffective. As technology advances, it is expected that at some point the industry standard will have to shift to 256 bit encryption for secure sockets layer protection. Even so, many experts predict that 128 bit encryption will be sufficient for another eight to ten years.

If you are looking to get your SSL certificate on a budget, chances are that you will be fine with 128 bit encryption. You are unlikely to need 256 bit encryption, and paying for it may not be an option. If you want the extra security, and your business can handle the expense of increased security, it might be worth it to you.

There are some free SSL certificates that offer 40 bit encryption, and you would be wise to pay for 128 bit encryption rather than risk the chance that your business Web site becomes vulnerable to attack. While 256 bit encryption may not be necessary, it is definitely recommended that you get an SSL certificate with at least 128 bit encryption to protect your ecommerce website and your customers.
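The key-length comparison above, worked through as an added example (not part of the original article): it estimates average brute force time for 40, 128 and 256 bit keys, then lists the symmetric key strength of every cipher suite the local TLS library would offer and flags any below 128 bits. The attacker speed of one trillion keys per second is an assumption chosen for illustration.

```python
import ssl

SECONDS_PER_YEAR = 365 * 24 * 3600


def keyspace_ratio(small_bits, large_bits):
    """How many times larger the bigger keyspace is: 2**(difference in bits)."""
    return 2 ** (large_bits - small_bits)


def average_brute_force_years(bits, keys_per_second):
    """Expected time to hit the key: on average half the keyspace is searched."""
    return (2 ** (bits - 1)) / keys_per_second / SECONDS_PER_YEAR


def audit_ciphers(ctx, min_bits=128):
    """Split the cipher suites a TLS context offers by symmetric key strength.

    Returns (ok, weak), each a list of (suite_name, strength_bits) tuples.
    """
    ok, weak = [], []
    for suite in ctx.get_ciphers():
        entry = (suite["name"], suite["strength_bits"])
        (ok if suite["strength_bits"] >= min_bits else weak).append(entry)
    return ok, weak


if __name__ == "__main__":
    rate = 10 ** 12  # assumed attacker speed, keys tried per second
    for bits in (40, 128, 256):
        years = average_brute_force_years(bits, rate)
        print(f"{bits:>3} bit key: about {years:.3g} years on average")
    print("128 bit vs 40 bit keyspace: 2^88 =", keyspace_ratio(40, 128))

    ok, weak = audit_ciphers(ssl.create_default_context())
    print(f"{len(ok)} suites at 128 bits or more, {len(weak)} below")
    for name, bits in weak:
        print(f"  WEAK: {name} ({bits} bits)")
```

The key length actually used on a connection is the one in the cipher suite the client and server negotiate, so this audit is worth running against the TLS configuration you deploy.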