Do I Have 128 Bit Encryption?

How do I know if my PC has 128 bit encryption? Googling, it sounds like it is a feature of my browser of choice. I checked on Google for both Chrome and Firefox. The hits were very clear, and it sounds like they both do. BUT! When I Googled for this information about Edge, I got hits saying “128 bit encryption IE v11 for Windows 10”. Does this imply 128 bit encryption is a feature of my OS and/or the Browser I pick? (And, does Edge have 128 bit encryption?)

Either way, how do I check the encryption capability of my Browser? …My OS and/or my PC?

There used to be browsers without encryption for embargoed countries like N. Korea. As far as I know, those don’t exist anymore.

SSL, the basis for 128 bit encryption, is actually obsolete. It’s been replaced by TLS which can actually use 256, 512, or even 1024 bit encryption.

Your OP is a little confusing; can you elaborate on what you are trying to achieve or what security standards you are trying to meet?

Most modern browsers support a wide range of cipher suites; you’d be hard pressed to find one that doesn’t support at least AES-128bit. For the heck of it, I fired up my version of MS Edge (Edge v. 44.18362.449.0) and it’s permitting negotiation with web servers using AES-256, AES-128… and 3DES (yuck).

The international version of Windows 98 had only 64 bit encryption, but 128 was added by a network upgrade, probably around the time of Windows 2000 (I remember that '98 required an encryption upgrade to work with Win2K network encryption).

If you have the American version of Windows 98, or anything later :) you have 128 bit encryption.

On Windows, an encryption library is provided by the OS, and most if not all web browsers use it. It is a reason why there is no easy upgrade for web browsers on WinXP: newer encryption options required by modern HTTPS are not available in the system library.

I was asked to clarify my question: All I know is that my bank wants to send me paperless statements. It seems they will email me notifications with a link to a statement. They ask me to confirm that I have 128 bit encryption. I presume this is a feature of my chosen browser? (I have no idea what this really means.) The rest of my question shows my confusion and lack of a full understanding of the Google results I found. How does one know if s/he has 128 bit encryption? (If it matters, I am in the US.)

Ah, okay, that makes sense.

Your web browser very likely supports 128-bit encryption. Internet Explorer and Edge use the encryption methods supported by the underlying Windows OS you are running. Chrome uses its own (I don’t know about Firefox). There are online tools that allow you to view your browser capabilities. For example, here’s one provided by Qualys (they are an information security company): https://www.ssllabs.com/, ‘Test your browser’.

You are looking for Cipher Suite support that contains ‘AES_128’ (128-bit encryption) or ‘AES_256’ (256-bit encryption) in the listing.

[quote=“Caldazar, post:6, topic:925480”]
There are online tools that allow you to view your browser capabilities. For example, here’s one provided by Qualys (they are an information security company): https://www.ssllabs.com/, ‘Test your browser’.

You are looking for Cipher Suite support that contains ‘AES_128’ (128-bit encryption) or ‘AES_256’ (256-bit encryption) in the listing.[/quote]

Thanks! Now, that is a very practical answer I can understand.

Caldazar says: “You are looking for Cipher Suite support that contains ‘AES_128’ (128-bit encryption) or ‘AES_256’ (256-bit encryption) in the listing.”

Ok, so…in a list of Cipher Suites, I see the following:

  1. TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ( 0xc02b )
  2. TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ( 0xc02f )
  3. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ( 0xc013 )
  4. TLS_RSA_WITH_AES_128_GCM_SHA256 ( 0x9c )
  5. TLS_RSA_WITH_AES_128_CBC_SHA ( 0x2f )

Which one(s) am I concerned about? (I numbered them for convenience.)

All of them. The way it works is that your browser transmits the full cipher suite list to your bank’s web server, in the same order as the tool shows. The bank’s web server then starts at the top of the list and goes down until it finds a security suite it deems acceptable, and then tells your browser what suite item it chose. Your browser and the web server then start communicating using the mutually-agreed-upon cipher suite.

If the bank’s web server is insisting on 128-bit encryption, it’ll probably pick #1 to communicate with your browser. That’s a pretty common negotiated suite that most web servers can use, and it’s at the top of your browser’s presented list.

All the other stuff in the lines relates to other aspects of https:// negotiation (there’s more to secure web transmission than just the encryption).

Caldazar, one last question: In the list I posted of 128 encryptions (above), some are denoted as “forward secrecy” and others are denoted as “weak” (when I view the list at your suggested website, that is). Is either denotation concerning? (As I understand it, 128 bit encryption means 2^128 combinations for a hacker to run through to decode, so how can that be weak? Do they mean weak when compared to 256 encryption???) Thanks again!

Forward secrecy just means that if a hacker captures your encrypted data and saves it someplace, and then later hacks into the web server to obtain the long-term server certificates, they still won’t be able to decrypt the data they originally copied from you.

The encryption key length is not the only consideration. Also at issue is how the encryption key is applied to encrypt the data. You can sometimes get a leg up if you know that a particular encryption method has certain tendencies to output certain encrypted output data patterns, for example. Typically GCM > CBC, for a given key length.

Some encryption algorithms have been found to have weaknesses that mean that attackers don’t have to search the full keyspace. “Weak” in the list likely means that the algorithm has known weaknesses.

Short answer is yes, you do.

As a previous poster mentioned, you can check your browser’s encryption capabilities at SSLlabs using the link they provided. The other “piece” is the encryption cipher suites offered by the website itself. You can also check those at SSLlabs: SSL Server Test (Powered by Qualys SSL Labs). Try typing in your bank’s login page URL.

If you’ve got a cipher suite on your browser which matches one on the website you’re all good.

You can also go to your bank’s website. No need to log in. Then, and this will differ by browser, click on the lock icon, and then click on some other things. Eventually you should be able to bring up a page telling you what encryption is being used. When I go to my bank it comes up and says “TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 128 bit keys, TLS 1.2”.

Figuring out if that is a good cipher to use is a different question. This page is a good place to start. The ECDHE-RSA-AES128-GCM-SHA256 my browser is using is listed in the category described as “highly secure and compatible with nearly every client released in the last five (or more) years” so it should be fine.
https://wiki.mozilla.org/Security/Server_Side_TLS
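
Added example, not part of the original thread: a Python sketch that splits the five suite names posted above into key exchange, cipher, key length and mode, then selects one the way the thread describes (walking the browser's list in order until the server finds one it accepts). The function names `describe` and `negotiate` and the server policies passed to `negotiate` are assumptions made for illustration.

```python
import re

# The five suites quoted in the thread, in the order the browser offered them.
OFFERED = [
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
]

# TLS 1.2-style name: TLS_<key exchange/auth>_WITH_<cipher>_<bits>_<mode>_<hash>.
# Names in other shapes (e.g. TLS 1.3's TLS_AES_128_GCM_SHA256) are rejected.
SUITE_RE = re.compile(
    r"^TLS_(?P<kx>[A-Z0-9_]+)_WITH_(?P<cipher>[A-Z0-9]+)_(?P<bits>\d+)"
    r"_(?P<mode>[A-Z0-9]+)_(?P<mac>[A-Z0-9]+)$"
)

def describe(name):
    """Split a suite name into the parts the thread talks about."""
    m = SUITE_RE.match(name)
    if m is None:
        raise ValueError(f"unrecognised suite name: {name}")
    kx = m["kx"].split("_")
    return {
        "name": name,
        "cipher": m["cipher"],
        "key_bits": int(m["bits"]),      # the "128" in "128 bit encryption"
        "mode": m["mode"],               # GCM or CBC
        # An ephemeral (EC)DHE key exchange is what provides forward secrecy.
        "forward_secrecy": kx[0] in ("ECDHE", "DHE"),
        "authentication": kx[-1],        # certificate type: ECDSA or RSA
    }

def negotiate(offered, acceptable):
    """Selection as described in the thread: first offered suite the server accepts."""
    for name in offered:
        if acceptable(describe(name)):
            return name
    return None  # no common suite: the handshake would fail

if __name__ == "__main__":
    for suite in OFFERED:
        d = describe(suite)
        print(d["key_bits"], d["mode"], "FS" if d["forward_secrecy"] else "no FS", suite)
    # Constructed server policy: at least 128-bit keys.
    print("chosen:", negotiate(OFFERED, lambda s: s["key_bits"] >= 128))
```
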