Jul 14, 2004, 02:29 #1
SSL downgrade to 40-bit: how do buyers know?
If a person on a secure server wants reassurance that they are going to go ahead making a purchase, and that their purchase is fully encrypted (128-bit) and not downgraded (40-bit), how do they know this?
If the padlock icon is present, does this mean that it is 128-bit, guaranteed? Or could the padlock also imply a 40-bit session (which I hear can be cracked)? If a downgrade occurs, will a warning box spring up for the visitor, so that they know of compromised security, or is this not a given either? Would this warning box comprehensively state the 40-bit downgrade, or just say there's some kind of problem with the site's security certificate? Should I advise visitors that if they use under a certain version of browser they won't be able to get maximum 128-bit?
And if a downgrade hasn't occurred but they simply can't get any level of security happening for their purchase, does anything different occur here?
Last edited by mattyj; Jul 20, 2004 at 21:04.