We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

UK way behind US on SSL encryption

Short keys prone to hack attacks

Up to 18 percent of servers using SSL (Secure Sockets Layer) encryption technology are potentially vulnerable to hackers, with the problem being far more pronounced in the UK than in the US, according to the latest monthly survey of web server usage conducted by Netcraft.

SSL is a common protocol for managing the security of message transmission on the internet. Browser-based SSL technology is most secure if the server's public key, used to guarantee the authenticity of a transaction, is at least 1024 bits long.

The use of shorter keys makes it easier for hackers to break the key and impersonate the server, according to the Bath-based company.

In a survey posted on its website Netcraft revealed that about 60 percent of all websites using the SSL technology are based in the US of which approximately 15.1 percent are using short keys.

In the UK, however, more than one in four SSL sites are using the shorter keys.

"Because it is not obvious to the end user what a server's choice of cryptography is or how many bits are being used in a website's SSL encryption key, there is little pressure from end users to improve such security," the survey reads.

Currently, lock symbols are displayed in browser windows during SSL sessions to indicate that a site is secure, no matter what the length of the key is.

Netcraft suggests that browser developers could help improve future security by displaying a graded indication of key length.


IDG UK Sites

Best Christmas 2014 UK tech deals, Boxing Day 2014 UK tech deals & January sales 2015 UK tech...

IDG UK Sites

LED vs Halogen: Why now could be the right time to invest in LED bulbs

IDG UK Sites

Christmas' best ads: See great festive spots studios have created to promote themselves and clients

IDG UK Sites

Why Apple shouldn't be blamed for exploitation in China and Indonesia