The Internet has become a global forum for the exchange of all kinds of information, both public
and private. Personal discourse, political and legal debate, commerce, and more all take place on the
Internet, and the range of information that occupies its bandwidth is rapidly growing. Before the
Internet's population explosion, usernames and passwords were considered sufficient to protect private
information. However, as the Internet assumes an increasingly important role in society, the value of
its content rises--and so does the incentive to steal information.
Simple passwords may help prevent unauthorized parties from requesting information, but they do not
prevent them from eavesdropping as the data--or even the password itself--makes its way from router to
router toward its destination. In fact, even though the data take only milliseconds to jump from one
router to the next, the routers themselves may keep copies in cache for some time afterward. As long
as they are readable in transit, your business correspondence, credit card number, personal documents,
or travel plans can easily be picked up by a third party. If you run an online service, the privacy
and security of hundreds or even thousands of users is in your hands.
To address this problem, Netscape developed the Secure Sockets Layer (SSL) protocol for
authentication and encryption over TCP/IP networks, including the Internet. Under this protocol,
clients and servers can reliably authenticate each other and then exchange encrypted data that only
they can decode. The key that unlocks the encrypted data is itself encrypted, leaving no
means for an unauthorized party to read the information.
SSL encryption uses ciphers, which differ from codes in that they are systematic and mathematical
rather than arbitrary and symbolic. The strongest ciphers are based on the random generation of
two large prime numbers. When the two prime numbers are multiplied, the product is a number so large
that ordinary computers cannot factor it back to the two original primes. When data is encrypted using
a mathematical formula and the extremely large product, it cannot be deciphered without the two prime
numbers. As long as the original prime numbers are kept secret, no one can decipher an SSL-encrypted
message without an extravagant expenditure of resources. The large numbers used to encrypt and decrypt
data are called keys. Their complexity also makes them useful for authentication purposes.
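As an added illustration (not part of the original Netscape documentation), the following Python script walks through the prime-based key construction described above, in its classic textbook RSA form, using constructed toy primes so each step is visible. It assumes a public exponent of 65537 and shows why secrecy of the primes is what protects the private key: with the modulus small enough to factor, the private exponent is recovered immediately.

```python
# Added example: textbook RSA built from two secret primes, with toy-sized numbers.
# Real SSL keys use primes hundreds of digits long; the factoring step below only
# succeeds because the constructed modulus is tiny.
from math import gcd, isqrt


def make_keys(p, q, e=65537):
    """Derive the public key (n, e) and private exponent d from two secret primes."""
    n = p * q
    phi = (p - 1) * (q - 1)          # known only to whoever knows p and q
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)              # modular inverse: (e * d) % phi == 1
    return (n, e), d


def encrypt(public_key, m):
    """Encrypt an integer message m with the public key; anyone may do this."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be a non-negative integer below n")
    return pow(m, e, n)


def decrypt(private_exponent, n, c):
    """Recover m from c; requires d, which requires the primes."""
    return pow(c, private_exponent, n)


def trial_factor(n):
    """Brute-force factoring of n. Feasible here only because n is toy-sized."""
    for f in range(2, isqrt(n) + 1):
        if n % f == 0:
            return f, n // f
    return None


if __name__ == "__main__":
    p, q = 1009, 1013                # constructed toy primes (assumption)
    public, d = make_keys(p, q)
    n, _ = public
    c = encrypt(public, 123456)
    print("public key:", public, "ciphertext:", c, "decrypted:", decrypt(d, n, c))
    # An eavesdropper learns only (n, e). Recovering d means recovering the primes:
    _, d_recovered = make_keys(*trial_factor(n))
    print("private exponent recovered by factoring toy modulus:", d_recovered == d)
```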
See "Keys and Certificates" for more detailed information about how SSL encryption and authentication work.