However, just in case you want the technical background (so you
know we didn't make this stuff up), here is the information as
supplied to us directly from the creators of the program:
__________________________________________________________
Since its inception in 1995, SSL, or Secure Sockets
Layer, has been the standard protocol for providing critical
security services to Internet users worldwide. SSL encompasses
multiple cryptographic algorithms of varying strengths, making it
appropriate for use in both domestic and export scenarios simply
by manipulating the supported ciphers. SSL has gone through a
number of versions over the past 7 years, and has recently come to
be known as TLS, or Transport Layer Security. SSL version 3.1 and
TLS version 1.0 are different names for the same protocol.
Background
In addition to encrypting data or providing
confidentiality, the characteristic for which it is best known,
SSL also offers message integrity, authentication, and key
exchange services. Although SSL neatly comprises these four
security services, they are actually offered by three to four
distinct mechanisms within SSL:
- Confidentiality is offered by symmetric ciphers, or shared-secret
  key cryptography. This sort of cryptography is very fast, not very
  computationally demanding, and uses a single key for both
  encrypting and decrypting data. Symmetric ciphers used by SSL
  include DES, 3DES, RC2, and RC4 and can range in strengths from
  40 bits to 168 bits.
- Message Integrity is a mechanism through which SSL guarantees that
  data that has been transferred has not been tampered with. The way
  in which SSL provides this service is via Message Digests, or
  Hashing. Message Digests work by taking input of any length and
  calculating based on that input a unique fixed-length output.
  Changing even a single character in the source would result in a
  change to the output, or the digest, and it is theoretically
  impossible for two different sources to result in the same digest.
  Message digests used by SSL include MD5 and SHA1.
- Authentication and Key Exchange, although separate functions, are
  commonly grouped together because they are usually provided by the
  same routine, namely, the RSA “Handshake”. Authentication is based
  upon X.509 certificates, commonly known as Digital Certificates.
  Digital Certificates are issued by well-known Certificate
  Authorities such as Verisign, and they contain digitally signed
  identifying information for the subject and the issuer, a range of
  temporal validity, and the subject’s Public-Key. It is the public
  key that is at the core of the RSA key exchange, along with its
  mated counterpart, the private key. This key exchange employs a
  technique known as asymmetric or public-key cryptography, which
  means that one key is used for encryption (generally the public
  key) and another is used for decryption (the private key). Unlike
  symmetric cryptography, asymmetric cryptography is terribly
  computationally intensive, and can burden even today’s fastest
  processors. Because each new SSL connection that is established
  incurs an RSA operation, high-traffic secure sites realized long
  ago that they needed a means of minimizing the performance
  degradation their sites were experiencing by bearing the necessary
  burden of cryptography.
The SSL Accelerator was introduced in 1998
to solve the problem of site slow-downs caused by running SSL in
software. Available in either PCI or SCSI form factors, the
hardware SSL Accelerator was a dedicated co-processor that
excelled at random number generation, and at performing modular
exponentiation, the math behind the RSA operation. Although the
accelerator sped the RSA operation, it had a number of
drawbacks: it required special software and drivers in order to
work, it was only able to accelerate one server at a time, and
it did nothing for the other components of SSL. While the first
two drawbacks affected interoperability, maintainability, and
scalability, the third proved to be the greatest limiting factor
of the accelerator.
__________________________________________________________
Yeah...
We don't know what it means either. What we DO know is, IT
WORKS!
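For readers who do want to see the mechanisms from the quoted background at work, here is an added Go example (not part of the original page or the vendor's material): the client wraps a fresh secret to the server's RSA public key, the server unwraps it with the private key (the operation an accelerator offloads), and both sides then key the digest that guards each message against tampering. The function names, the 2048-bit key size and the sample request are assumptions; the symmetric cipher that gives confidentiality is outside this example.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
)

// NewServerKey generates the server's RSA key pair; in SSL the public half
// travels inside the server's X.509 certificate. (2048 bits is an assumption.)
func NewServerKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// ClientKeyExchange models the RSA handshake: the client draws a fresh 48-byte
// secret and encrypts it to the server's public key with PKCS#1 v1.5 padding.
func ClientKeyExchange(pub *rsa.PublicKey) (secret, wrapped []byte, err error) {
	secret = make([]byte, 48)
	if _, err = rand.Read(secret); err != nil {
		return nil, nil, err
	}
	wrapped, err = rsa.EncryptPKCS1v15(rand.Reader, pub, secret)
	return secret, wrapped, err
}

// ServerKeyExchange recovers the secret with the private key: the modular
// exponentiation that an SSL accelerator was built to offload.
func ServerKeyExchange(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptPKCS1v15(rand.Reader, priv, wrapped)
}

// Tag is the message-integrity check. A bare digest does not give integrity,
// since whoever edits the data can recompute it; keying the digest with the
// shared secret (HMAC-SHA1 here) ties the tag to the two endpoints.
func Tag(secret, payload []byte) []byte {
	m := hmac.New(sha1.New, secret)
	m.Write(payload)
	return m.Sum(nil)
}

// Verify recomputes the tag in constant time; a changed byte or a different
// secret yields false and the message must be discarded.
func Verify(secret, payload, mac []byte) bool { return hmac.Equal(Tag(secret, payload), mac) }
```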