Since you’re here, we assume that you’ve been shopping around and looking at different SSL certificates to see what the best option would be for your domain or domains. Congratulations! That means either you care about the security and integrity of your site and data — or it means that you know Google has essentially made SSL a requirement for websites to not be marked as “Not Secure.” Either way, we’re just glad you’re here.
Something you likely noticed during this investigation process is that there are different levels of encryption strength that you can choose from, including 128 bit vs 256 bit. But what do these numbers and terms actually mean in terms of security? And how do you know what’s better for your website?
Sit back and get comfortable — we’re gonna break it down for you.
How Encryption Works — In a Nutshell
Before we can get into the nitty-gritty of encryption, we first need to make sure that you understand that the type of SSL certificate you purchase doesn’t dictate the strength of your encryption. All SSL certificates, regardless of type, facilitate the same level of encryption across the board. The true determining factor of your encryption strength depends on other factors, including your server configuration and the capabilities of the client’s (end user’s) browser.
Okay, now that that’s out of the way, let’s quickly recap how encryption works: When you encrypt something, it means that you’re taking readable, unencrypted data (known as plaintext), and are using an algorithm or cipher to convert it into encrypted data (known as ciphertext). The algorithm or cipher is known as a private key — something that needs to be kept secret in most cases (with the exception of public key) to protect its viability and security.
Security Claim vs Security Level When It Comes to 128 vs 256 bit Certificates
So, this means that when a company tries to sell you a “256-bit SSL certificate,” what that translates into is that they’re selling you a certificate that has a key with the capability of facilitating encrypted connections up to 256 bits. It’s a security claim — what the algorithm or hash (known as a cryptographic primitive) was designed to achieve — versus the actual security level of the encryption — what the cryptographic primitive actually offers. This is a very important distinction.
So… Just How Strong is 256-Bit Encryption, Really?
The answer to this question isn’t clear-cut and differs depending on the context — it could be referring to encryption strength level or it could be referring to key size. Furthermore, the answer also depends on which type of encryption algorithm you’re using — asymmetric vs symmetric.
- Symmetric encryption relies on a shared private key that’s kept secret by the two parties in the transaction and is used to both encrypt and decrypt the information.
- Asymmetric encryption, on the other hand, involves the use of a public key and is kind of a form of one-way encryption. One party possess a public key (for encryption) and the other a private key (for decryption).
Requiring significantly more computation to perform, asymmetric encryption is also used frequently as a mechanism for exchanging symmetric keys (which require less computational overhead). So, essentially, asymmetric encryption is primarily used for key exchange. It creates a secure channel to exchange the symmetric key.
What “Bits” Are in Terms of Encryption
We keep talking about bits… but what does that really mean?
When referring to 256-bit encryption in the context of SSL/TLS, though, it usually is talking about Advanced Encryption Standard (AES), a type of block cipher encryption. With AES, 256 bits really does mean 256 bits, which is very strong. Essentially, the 256-bit “encryption strength” that SSL companies are referring to frequently applies to the key strength.
- A 128-bit key means that there’s 2128 possible key combinations a hacker would have to try to break the encryption.
- A 256-bit key, on the other hand, means that there’s 2256 possible combinations — as in 2x2x2x2… meaning 2×2 multiplied a total of 256 times. This means that there are 115,792,089,237,316,195,423,
640,564,039,457,584,007,913,129,639,936 possible combinations.
That’s a lot of numbers. Even if it didn’t take the hacker trying every individual combination to hit the jackpot and break the encryption, it still would take many, many years to do so. This type of exercise would extend far beyond a single human’s lifespan — as well as those of their kids, grandkids, great grandkids, etc. down through your family’s line of descendants — without the help of something like quantum computing. And, considering that SSL/TLS certificates only have a one- to two-year lifespan — Google wants to cut it from 825 to 397 days — it means that many new certificates would be issued before a hacker would ever be able to crack it.
128 Bit vs 256 Bit Encryption: Which is Better?
Much like the approach many people take when buying a burger, a slice of cake, or groceries in bulk at warehouse stores — yeah, we know, we’ve got food on the brain at the moment (skipped lunch) — bigger is typically better when it comes to choosing between 128 bit and 256 bit encryption SSL certificates. While 256 bit may require more CPU, it’s still better to have more possible combinations to thwart hackers and to keep them from cracking it.
Just remember, though, that the true strength of encryption ultimately depends on your server config and client.
At CheapSSLonline.com, we offer SSL certificates that offer 128-bit and 256-bit AES encryption key strength. Check ‘em out:
Purchase an SSL Certificate from CheapSSLSecurity & Save Up to 88%!
We offer the best discount on SSL certificates starting as low as $5.45 per year.