128 bit encryption

I agree with you that as far as the end user is concerned, SSL provides a lot more security than the other channels they’ve been using for years. However, the main problem is when the company believes that using SSL makes everything secure. Too many companies make this kind of data available on the web (using SSL) without ever considering all the other implications of having this data mounted on a publicly accessible web server.

In the old days when they were sending you your statements by postal mail, all this data was on a server or a couple of workstations down in the HR department, and it was pretty secure physically and electronically. Now they’ve moved the database to a public webserver. Both companies and users get lulled into a false sense of security because one link in the chain is secured with SSL and they never realize the rest of the chain is bubblegum and twine. Most end-user data is not exposed by sniffing (or reading postal mail) because crackers (in general) don’t care about your data, they care about having thousands of people’s data. That’s why they crack the server and steal the whole db.

Short answer to the OP: 128-bit SSL is great for securing data viewed via browser. No worries.

Long answer: if you really value your privacy you better hope your company’s server admin is not a newly-minted MCSE flunky, that they’ve actually done threat modelling and secured against the most likely avenues of attack, not just pasted a lock icon on the users’ browsers. But I’ll grant that this has very little to do with the OP and I’m just ranting…

While we are ranting (but keeping in the GQ spirit), in theory, SSL (TLS) is an excellent secure protocol. Unfortunately, in practice, it is not as strong as it could be.

Why? Well, it isn’t the encryption. As has been described in this thread, the 128-bit encryption is sufficient for the purposes of providing confidentiality while the communications are in transit across the Internet.

The problem is that confidentiality without authentication and integrity is of little value. Communicating privately with the bad guys does little to offer protection.

As micco implies, security is like a chain, many different links need to overlap each other to provide protection. 128 bit encryption simply makes sure that that link isn’t the weakest anymore.

Authentication is critical. SSL/TLS provides the capability to provide strong authentication of both the client and server. However, in 95% + of the implementations out there, only the server is authenticated strongly. The client is normally authenticated with username/password.

Another common weakness of SSL/TLS, in practice, is that the security ends at the SSL webserver, or the SSL box itself. Communications to the backend database are unsecured. This leaves a “weak link” for anyone that has or could gain access to the backend network.

OK, so there is my little rant. I feel better.

Practical algorithms for generating primes have been around a long time. First there was Gary Miller’s work in the '70s that generated “probably primes” in polynomial time with an error rate so low it is ignorable. Then came algorithms that could test a given number for primality in “probably polynomial time”. That is, you can trust the answer and you will get it in almost always reasonable time. The newest claim is trustable answer and guaranteed time. You only need large primes to create RSA keys. Factoring is one way to break RSA. Factoring efficiently is still being worked on.

One of the authors of RSA encryption considers 1000 bit keys for his system “weak”. I trust RSA a lot more than DES and to me, 128 bits is pathetic. Yes, apples and oranges, but who says you have to brute force break DES? You don’t brute force RSA.

The best way to crack RSA is factoring the keys, which is essentially a brute force attack. “Brute force” just means you have a simplistic attack that is guaranteed to work eventually. Trying every key is only one example but I’d consider factoring in the same boat. A non-brute force attack would be something like differential analysis or exploiting a flaw in the algorithm that made it vulnerable to things like chosen text, chosen key, etc.

AFAIK (but I definitely don’t know all that much) there is no better attack against DES than brute force in general circumstances. A lot of effort has been made in demonstrating how quickly DES could be brute forced (e.g. Deep Crack), which would seem pointless if there were a faster attack. Nobody says brute force is the only way, but I haven’t seen a better one that is generally applicable.

Just out of curiosity, do you consider a 128-bit AES or Twofish key to be pathetic? If so, why?

Not really. The 128 bit encryption only means that the information is protected from someone who is intent on intercepting the traffic between your computer and the server. If such an interception happened all they would see is garbage text, because they don’t have the key to “unlock” the 128 bit encryption of the information.

If I was gonna try and access the data the last thing I would do is try to intercept traffic on the network, unless I was looking for passwords, then maybe. I would probably try to get the data through a different path, perhaps accessing the server through a different port, port 80 (HTTP), as opposed to 443 (HTTPS), or maybe try to get to a different server in the same network and go from there. Of course, if I was really motivated I would just try to get a job at the company hosting the servers and use my access to get to the data then.

As micco points out, you do brute force the RSA key. There is an algorithm to generate the 1000 bit RSA keys; not every number is a potentially valid RSA key. In fact, almost every number is not a valid key, which is why you need 1000 bits or more to have a safe key. This is not the case with the 128 bit DES keys. Pretty much every combination of the 128 bits is a useful key.