Note: almost all modern browsers are now capable of 128-bit encryption.

There are two main levels of SSL certificate strength commonly used on the Internet: 40-bit and 128-bit. 40-bit certificates are not as strong as 128-bit certificates, although in practice 40-bit is often sufficient for the purpose. 128-bit certificates are the strongest certificates available commercially for SSL, and are considered almost unbreakable. Some applications also use 56-bit keys, which fall somewhere in between in terms of strength.

Is 128-bit encryption much stronger than 40-bit?

Each additional "bit" added to the key size means the key takes twice as long to break. This means a 41-bit key is twice as strong as a 40-bit key. A 128-bit key is 4,722,366,482,869,645,213,696 times as strong as a 56-bit SSL key (and even more times stronger than a 40-bit key).

What is the right encryption strength?

The cost of a 128-bit SSL certificate is often the same as, or not much more than, that of a 40-bit cert, and as the huge numbers above demonstrate, there is really no comparison in terms of how much stronger the 128-bit cert is.

Where possible we thus recommend using a minimum of 128-bit SSL for commercial transactions online and any other web-based activity that requires encryption in transit.
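One way to check the 128-bit minimum recommended above, as an added example that is not part of the original page: the Python sketch below reproduces the doubling-per-bit figure and flags cipher suites below the minimum. The function names and the sample cipher entries are constructed for illustration; the entries follow the dictionary shape returned by Python's ssl.SSLContext.get_ciphers().

```python
import ssl

MIN_BITS = 128  # minimum strength recommended on this page


def work_factor(bits_a, bits_b):
    """How many times larger the key space of a bits_a key is than a bits_b key.

    Each extra bit doubles the number of keys to try, so the ratio is 2**(a-b).
    """
    return 2 ** (bits_a - bits_b)


def weak_ciphers(ciphers, minimum=MIN_BITS):
    """Return sorted (name, strength_bits) pairs for suites below `minimum`.

    `ciphers` is a list of dicts shaped like SSLContext.get_ciphers() output;
    only the 'name' and 'strength_bits' keys are used.
    """
    return sorted(
        (c["name"], c["strength_bits"])
        for c in ciphers
        if c["strength_bits"] < minimum
    )


# Constructed sample entries (not captured from a real server), covering the
# 40-bit, 56-bit and 128-bit strengths discussed on this page.
SAMPLE = [
    {"name": "EXP-RC4-MD5", "protocol": "SSLv3", "strength_bits": 40},
    {"name": "DES-CBC-SHA", "protocol": "SSLv3", "strength_bits": 56},
    {"name": "AES128-SHA", "protocol": "TLSv1", "strength_bits": 128},
]

if __name__ == "__main__":
    # 128-bit versus 56-bit: the figure quoted on this page.
    print(f"{work_factor(128, 56):,}")
    # Suites in the constructed sample that miss the 128-bit minimum.
    print(weak_ciphers(SAMPLE))
    # The same audit against the cipher list this Python build enables by
    # default; the result depends on the local OpenSSL configuration.
    print(weak_ciphers(ssl.create_default_context().get_ciphers()))
```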

Last updated 08 Apr 2005
