Symantec Corporation (SYMC) has discovered a new revolutionary technology upgraded the level of the security provided by the SSL certificates. It is now providing its customers with SSL certificate which is created by multiple algorithms including Elliptic Curve Cryptography (ECC) and Digital Signature Algorithm (DCA), which will not only beat the traditional approach but also is 10,000 times difficult to break in.
For any type of website whether it is small or large, securing its customer’s data, protecting its reputation and the transactions are the most important as well as the most sensitive issue. SSL certificates ensure the security of the websites.
Long back in 1985, when ECC approach introduced; that was based on mathematical approach in order to fasten the processing speed at lower bit lengths. According to Symantec, speed is now becoming the vital element because of the National Institute of Standards and Technology (NIST), which wants the websites to be migrated from RSA 1024-bit to 2048-bit up till Jan, 1, 2014 under federal regulations. In addition, this should be compulsory as from precautionary point of view, larger length cryptography is hard to break.
According to Bob Hoblit, a senior director of product management in Symantec’s Website Security Solutions division, Brute force attacks can be a way of breaking crypto algorithms. As far as the longer-length crypto algorithms stands, they are exhaustive and too slow in use. Symantec has claimed to offer a 256-bit ECC certificates which is almost equal to security provided by 3072-bit RSA certificate.
Symantec has tested and found that the ECC is far better in performance and response time when it comes for server-to-desktop than that of RSA certificate handling 450 requests per second with an average response time of 150 milliseconds to the desktop, where in ECC takes only 75 milliseconds. You can refer this detailed news release published by Symantec recently at their official newsroom.
The only question, which stands unanswered, is the support of the browsers for the crypto “root”. Browsers like: Microsoft Internet Explorer, Google Chrome and Mozilla Firefox do have a code for the “root” info for ECC crypto in their various versions. Also Google’ software engineer Adam Langley fulfilled the commitment of ECC support done to Symantec by saying that the browser will support Elliptic Curve Digital Signature thoroughly on all the operating systems.
For web servers there must be a way out through which they support the ECC crypto like: Apache has included the “ECC optimizing version”. Symantec is currently testing the ECC with its IT partners like Citrix, Akamai Technologies, AT&T, HID, Juniper and so on among which Akamai Technologies has taken it seriously and started working in that direction. Symantec is looking forward to enable ECC on the cloud and in the mobile devices.
Suppose if the ECC is not enabled and does not work for certain environment then the RSA will come into action for dual mode with RSA based and ECC-based SSL certificates. Symantec is seeing that its customers get the newly launched ECC certificate along with the RSA certificates that too at the same price.
About Author:
Peggy is Head of Sales and marketing division of theSSLshop, an authorized reseller of Symantec SSL certificate products. Her vast knowledge domain consists of expertise in marketing of security products with the help of Organic Search Marketing, Paid Search Marketing, Social Media Marketing, Blogging and ecommerce Website Marketing.
BrookRChelmo Very true Brook, as you may be aware of various cyber attack that has been found on popular websites and industries, this technology will strengthen the security of such online properties.
ECC is clearly the future of TLS/SSL since its lighter, faster, stronger, and better than RSA. Since 1024-bit RSA certificates are reaching their end of life this year the performance impact of a 2048-bit RSA certificate will be significant to anyone who handles numerous SSL handshakes.