|
.... However, just in case you want
the technical background (so you know we didn't make this stuff up), here is the
information as supplied to us directly from the creators of the program:
__________________________________________________________
Since its inception in 1995, SSL or Secure Socket Layer has
been the standard protocol for providing critical security services to Internet
users worldwide. SSL encompasses multiple cryptographic algorithms of varying
strengths, making it appropriate for use in both domestic and export scenarios
simply by manipulating the supported ciphers. SSL has gone through a number of
versions over the past 7 years, and has recently come to be known as TLS, or
Transport Layer Security. SSL version 3.1 and TLS version 1.0 are different
names for the same protocol.
Background
In addition to encrypting data or providing
confidentiality, the characteristic for which it is best known, SSL also
offers message integrity, authentication, and key exchange services. Although
SSL neatly comprises these four security services, they are actually offered
by three to four distinct mechanisms within SSL:
- Confidentiality
is offered by symmetric ciphers, or shared-secret key
cryptography. This sort of cryptography is very fast, not very
computationally demanding, and uses a single key for both
encrypting and decrypting data. Symmetric ciphers used by SSL
include DES, 3DES, RC2, and RC4 and can range in strengths from 40
bits to 168 bits.
|
- Message Integrity
is a mechanism through which SSL guarantees that data that has
been transferred has not been tampered with. The way in which SSL
provides this service is via Message Digests, or Hashing. Message
Digests work by taking input of any length and calculating based
on that input a unique fixed length output. Changing even a single
character in the source would result in a change to the output, or
the digest, and it is theoretically impossible for two different
sources to result in the same digest. Message digests used by SSL
include MD5 and SHA1.
|
- Authentication and Key Exchange,
although separate functions, are commonly grouped together because
they are usually provided by the same routine, namely, the RSA
Handshake. Authentication is based upon x.509 certificates,
commonly known as Digital Certificates. Digital Certificates are
issued by well-known Certificate Authorities such as Verisign, and
they contain digitally signed identifying information for the
subject and the issuer, a range of temporal validity, and the
subject's Public-Key. It is the public key that is at the core
of the RSA key exchange, along with its mated counterpart, the
private key. This key exchange employs a technique known as
asymmetric or public-key cryptography, which means that one key is
used for encryption (generally the public key) and another is used
for decryption (the private key). Unlike symmetric cryptography,
asymmetric cryptography is terribly computationally intensive, and
can burden even today's fastest processors. Because each new SSL
connection that is established incurs an RSA operation,
high-traffic secure sites realized long ago that they needed a
means of minimizing the performance degradation their sites were
experiencing by bearing the necessary burden of cryptography.
|
The SSL Accelerator was introduced in 1998 to solve the
problem of site slow-downs caused by running SSL in software. Available in
either PCI or SCSI form factors, the hardware SSL Accelerator was a dedicated
co-processor that excelled at random number generation, and at performing
modular exponentiation, the math behind the RSA operation. Although the
accelerator sped the RSA operation, it had a number of drawbacks: it required
special software and drivers in order to work, it was only able to accelerate
one server at a time, and it did nothing for the other components of SSL.
While the first two drawbacks affected interoperability, maintainability, and
scalability, the third proved to be the greatest limiting factor of the
accelerator.
__________________________________________________________
Yeah, we don't know what it means
either. What we DO know is, IT WORKS!
|
