我最近一直在研究 SSL 证书,并且看到许多供应商销售的低端证书加密在 40-256 位之间。
但是,当我访问具有此类证书的站点时,它会报告该站点正在使用 256 位加密连接。
既然我们都知道 40 位加密现在严重不足,他们怎么能提供这种可能性呢?
似乎他们提供的东西从完全不适合到适合 - 是这样吗?
问问题
1044 次
1 回答
2
It seems like you mix up two things:
The bit length of the key-pair that belongs to a certificate has nothing to do with the used cipher and it's strength that is used for SSL connections.
The certificate is used for authentication purposes and uses asymmetric cryptography (public and private key forming a key-pair).
The shorter bit lengths you have mentioned are used for encryption of the connection and they are used for symmetric algorithms - their key length is much smaller having an equal security compared to asymmetric crypto algorithms.
Which symmetric algorithm is used for encrypting an SSL connection is negotiated between client and server when the connection starts. Usually the strongest algorithm supported by both sides is used.
于 2012-05-01T16:55:00.970 回答